Test Driven Security in the DevOps Pipeline

Offered By: OWASP Foundation via YouTube

Tags

Conference Talks Courses, DevOps Courses, Application Security Courses, Static Code Analysis Courses, Infrastructure Security Courses

Course Description

Overview

Explore Test Driven Security in the DevOps pipeline through this 42-minute conference talk from AppSecUSA 2017. Learn how to implement a baseline of security controls and test them continuously within the deployment process. Discover the benefits of writing security tests first, including clarified expectations, specific and testable controls, high reusability, and real-time detection of security regressions. Gain insights into practical examples such as implementing Content Security Policy, CSRF token requirements, and SSH root login restrictions. Understand how this approach, similar to Test Driven Development, can help catch vulnerabilities early and improve overall security posture. Follow along as the speaker, Julien Vehent, Firefox Operations Security Lead at Mozilla, shares his expertise in web application security and services architecture.

Syllabus

Intro
Julien Vehent
Vulnerabilities by type
Bug Bounty payouts
A DevOps pipeline
Test Driven Security
Define a Security baseline
1. Writing a Security checklist
Test the baseline
2.1 ZAP Baseline scanning
2.2 Static code analysis
2.3 Security group testing
2.3 Security testing
2.4 TLS Quality
Gating prod deploys
Does it work?


Taught by

OWASP Foundation

Related Courses

Secure Android App Development (University of Southampton via FutureLearn)
DevSecOps: Building a Secure Continuous Delivery Pipeline (LinkedIn Learning)
Microsoft DevOps Solutions: Developing Security and Compliance (Pluralsight)
Using Security Analysis Tools to Protect ASP.NET and ASP.NET Core Applications (Pluralsight)
DevOps with GitHub and Azure: Implementing Software Supply Chain Security with GitHub (Pluralsight)