Integrating Security Tools in the SDL using OWASP DevSecOps Studio

Track: DevSecOps
When: Mon PM-1
Where: Maulden
Organizers Imran Mohammed A Imran Mohammed A
Participants Francois Raynaud Francois Raynaud , Timo Pagel Timo Pagel , Jim Newman Jim Newman , Orid Ahmed Orid Ahmed , Russell Coleman Russell Coleman , Alex Chapman Alex Chapman , Abhinav Sejpal Abhinav Sejpal , Avi Douglen Avi Douglen , Dominik de Smit Dominik de Smit , John DiLeo John DiLeo , Jonas Vanalderweireldt Jonas Vanalderweireldt , Luis Saiz Luis Saiz , Mark Stickley Mark Stickley , Ruben Tronçon Ruben Tronçon , Sotiraki Sima Sotiraki Sima , Tanya Janca Tanya Janca
Remote Participants Andrew Martin Andrew Martin , Cao Wei Cao Wei , Domenico Malorni Domenico Malorni , Ernesto Bethencourt Ernesto Bethencourt , Harmeet Singh Harmeet Singh , MrsYisWhy MrsYisWhy , Sophie Tonnoir Sophie Tonnoir , Sugumaran Uppili Sugumaran Uppili , Vinod Anandan Vinod Anandan

Most of today´s application security problems can be traced to flaws in the code. It does not matter whether security issues affect operating system components, client applications, web applications, or other systems, most well-known vulnerabilities are caused by coding errors and implementation issues.

The question here is why so many bugs and coding errors continue to cause major security issues when we have had years to deal with these and other common vulnerabilities that are still found in applications today.

Topic

The goal of this User Session is to teach participants about how they can integrate security tools in the SDL using OWASP DevSecOps Studio and DevSecOps Integra Projects.

OWASP DevSecOps Studio is one of its kind, self contained DevSecOps environment/distribution to help individuals in learning DevSecOps concepts. It takes lots of efforts to setup the environment for training/demos and more often, its error prone when done manually. DevSecOps Studio is easy to get started and is mostly automatic.

DevSecOps Studio project aims to reduce the time to bootstrap the environment and help you in concentrating on learning/teaching DevSecOps practices.

Target Audience

The target audience for this Working Session is: - Developers - Security professionals - DevSecOps - Security champions

Content

We will cover the following topics as part of this session

  • Benefits of Integrating security tools in SDL
  • CI/CD and security tools
  • Different challenges involved while integration
  • Using DevSecOps Studio to do hands-on exercise with open source projects

References

Here are the current ‘work in progress’ materials for this session (please add as much information as possible before the sessions): - The Security Development Lifecycle - SDL in Practice

Register as participant

To register as participant add Integrating Security Tools in the SDL using OWASP DevSecOps Studio to either:

  1. the sessions metadata field from your participant's page (find your participant page and look for the edit link).
  2. or the participants metadata field from this git session page


Back to list of all User Sessions