YoVDO

Monitoring Attack Surface and Integrating Security into DevOps Pipelines

Offered By: OWASP Foundation via YouTube

Tags

Application Security Courses, DevOps Courses, OAuth Courses, Continuous Deployment Courses, Continuous Integration Courses, Web Application Security Courses, Security Testing Courses, OWASP ZAP Courses

Course Description

Overview

Explore methods for calculating and tracking web application attack surface evolution in this 27-minute conference talk from AppSec EU 2017. Dive into techniques for integrating security testing into CI/CD pipelines, focusing on metrics and thresholds for DevOps practices. Learn about manual testing, hybrid analysis mapping, and dynamic application security testing. Discover how to use command-line client scans, analyze changes over time and between commits, detect new attack surface, and identify potential vulnerabilities in GitHub repositories. Gain valuable insights on optimizing security testing activities and effectively monitoring your application's attack surface to enhance overall security posture.

Syllabus

Intro
Agenda
Background
OAuth Zap
Example Code Base
Attack Surface and DevOps
Manual Testing
Hybrid Analysis Mapping
Dynamic Application Security Testing
Commandline Client
Scans
Looking over time
Looking between commits
Viewing files impacted by commits
Detecting new attack surface
GitHub repository
Identifying the attack surface


Taught by

OWASP Foundation

Related Courses

Startup Engineering - Stanford University via Coursera
Developing Scalable Apps in Java - Google via Udacity
Cloud Computing Concepts, Part 1 - University of Illinois at Urbana-Champaign via Coursera
Cloud Networking - University of Illinois at Urbana-Champaign via Coursera
Cloud Computing Concepts: Part 2 - University of Illinois at Urbana-Champaign via Coursera