Making Vulnerability Management Easier with DefectDojo - 2016 OWASP Project

Explore a comprehensive overview of DefectDojo, an open-source vulnerability management tool, in this 37-minute LASCON conference talk. Discover how this innovative solution, born from one security engineer's initiative in 2013, aims to simplify and streamline the often tedious process of vulnerability management. Learn about DefectDojo's key features, including templating, report generation, metrics, and baseline self-service tools, and understand how it has been successfully implemented in multiple large enterprises. Gain insights into the tool's development history, product maturity, Docker integration, and its ultimate goal of making vulnerability management more efficient. Delve into topics such as stand-alone versus Docker deployment, common themes in vulnerability management, supported product types and scanners, upcoming features, and the Python Django framework used for development. Understand how DefectDojo can be run on AWS, manage open findings, and utilize various importer options. Explore the ability to update directly from the user interface and see how this tool can potentially revolutionize your approach to vulnerability management.

Intro
Gregs background
Curious George
Product Maturity
Docker
Why DefectDojo
The End Goal
Welldocumented
Stand Alone vs Docker
History of Vulnerability Management
I told my boss
I tried to make a new vulnerability management tool
Common themes
Product type
Scanners
Plugins
Upcoming features
Python Django
I dont know Python
Running DefectDojo on AWS
Open Findings
Importer Options
Update Directly from UI