Make Me a Sandwich: Automating a Custom SecDevOps Pipeline

Explore a comprehensive conference talk on automating a custom SecDevOps pipeline, presented by Patrick Albert and Tony Trummer at APPSEC CA 2017. Delve into the challenges of finding vulnerabilities and learn about server-side hooks, webhooks, and build servers. Discover strategies for configuring Github Auth, polling, and build step actions. Examine integration point issues and SDLC Automation Integration points. Gain insights into building your own tools, including SAST tools, and understanding grammars. Explore improvement strategies for automation in security development operations. This 46-minute presentation, hosted by the OWASP Foundation, offers valuable knowledge for security professionals and developers looking to enhance their SecDevOps practices.

Intro
Premise
Cost of finding vulnerabilities
Server-side hooks
Webhooks
Build servers
Configuring Github Auth
Configuring polling
Objectives
Build Steps actions
Considerations
Integration point issues
SDLC Automation Integration points
Building your own tools
Building your own SAST Tool
What's a grammar?
Improving automation
Strategies