Scaling Security Assessment for DevOps - Norad Framework Introduction
Offered By: OWASP Foundation via YouTube
Course Description
Overview
Learn about scaling security assessment in DevOps environments through this conference talk from AppSecUSA 2016. Explore the challenges of integrating security testing into rapid development cycles and discover Norad, a distributed security testing framework. Understand how Norad automates multiple security tools, aggregates results, and provides an SDK for community-developed test content. Gain insights into the framework's design philosophy, architecture, and practical usage. Delve into topics such as testability, scalability, and accessibility of security requirements in modern software development. Follow along as speakers from Cisco demonstrate how to address security gaps in continuous deployment scenarios and empower engineers with accessible security tools and results.
Syllabus
Intro
Core Team
Development Trends (Cisco)
Security Testing is Hard
Deployment Models
Architecture: General
AWS Demo Network
Norad Terminology
Architecture: Public Scan
Architecture: Relay
Relay Connectivity Requirements
Enterprise (Dev-Box too)
Security Tests: Overview
Security Tests: Creation
Security Tests: Dockerfile
Security Tests: manifest.yml
Security Tests: Documentation NORAD
Security Tests: Readme.md
Security Tests: Wrapper Script
Security Tests: Unit Testing
Security Tests: Unit Test Targets
Test Content Examples
Security Tests: Serverspec
Documentation: API
Documentation: Relay
Open Source
Taught by
OWASP Foundation