Building A Security Test Automation Framework by Riccardo Ten Cate
Do you want to implement it in your SSDLC, or do you just want to have a security test automation framework to, e.g., periodically scan your infrastructure? In this talk, I am going to present some best practices for how to build a "security test automation framework". These best practices are derived directly from all the pitfalls I encountered while implementing this type of solution for my customers.

This talk teaches how to create an agnostic and scalable solution with Docker and Kubernetes:
- Dockerize your favorite security tooling
- Deploy these containers in your Kubernetes cluster

This talk teaches how to manage your findings effectively with a vulnerability management solution:
- Use Defect Dojo to manage your vulnerabilities
- Use Defect Dojo for delta reporting
- Use Defect Dojo for false positive suppression

This talk teaches how to prevent key sprawl and manage your secrets with a Keyvault:
- Store and manage your API keys
- No more hardcoded secrets in your application
- Even use it to build TOTP (time-based one-time passwords)

This talk teaches you everything you need to know to get started with security test automation and how to implement your favorite security tooling into different CI/CD platforms (Jenkins, VSTS, Travis, etc.) and into their pipelines.

Riccardo ten Cate
As a penetration tester from the Netherlands, Riccardo specializes in web application security and has extensive knowledge in securing web applications in multiple coding languages. Riccardo also has expertise in implementing security test automation in CI/CD pipelines and is a project leader of the OWASP Security Knowledge Framework.

- Managed by the official OWASP Media Project https://www.owasp.org/index.php/OWASP...