YoVDO

Security DevOps - Staying Secure in Agile Projects

Offered By: OWASP Foundation via YouTube

Tags

Conference Talks Courses Jenkins Courses Agile Development Courses

Course Description

Overview

Explore security DevOps strategies for maintaining security in agile projects through this conference talk from AppSecEU 2015. Dive into four different axes of security implementation, including dynamic depth, static depth, intensity, and consolidation. Learn how to integrate tools like ZAP, Jenkins, BDD-Security, and Gauntlt into your CI/CD pipeline. Discover techniques for guiding security tools into post-authentication scenarios, conducting backend scans, and handling special workflows. Examine methods for consolidating security reports, flagging builds, and incorporating code coverage analysis. Gain insights on balancing security measures with agile development practices to ensure robust application security throughout the development lifecycle.

Syllabus

Intro
Why Security DevOps?
Four different axes
Let's explore these axes
Axis of "Dynamic Depth"
Axis "Dynamic Depth": Level 1
ZAP in SecDevOps?
ZAP + Jenkins = SecDevOps?
BDD-Security in SecDevOps?
Gauntlt in SecDevOps?
Axis "Dynamic Depth": Level 2
Guide ZAP into Post-Auth in CI
Guide Arachni into Post-Auth
Guide BDD-Security into Post-Auth
Axis "Dynamic Depth": Level 3
Backend scans with ZAP
Backend scans with Arachni
Axis "Dynamic Depth": Level 4
ZAP with special workflows (2/3)
ZAP with special workflows (3/3)
BDD with special workflows
If no Selenium test code exists!
Axis of "Static Depth"
Axis of "Intensity"
Axis of "Consolidation"
Axis "Consolidation": Level 1
Axis "Consolidation": Level 2
Flagging builds from reports
Axis "Consolidation": Level 3
Axis "Consolidation": Level 4
Code coverage analysis


Taught by

OWASP Foundation

Related Courses

Continuous Integration and Continuous Deployment
Microsoft via edX Introduction to Jenkins
Linux Foundation via edX Scheduling Selenium TestNG tests via Jenkins CI/CD tool
Coursera Project Network via Coursera Set up a Continuous Integration (CI) workflow in CIrcleCI
Coursera Project Network via Coursera Jenkins : Automating your delivery pipeline
Coursera Project Network via Coursera