Track: | DevSecOps |
---|---|
When: | Wed PM-2 |
Where: | Pedley |
Organizers | Rüdiger Heins, Benjamin Brunzel, Timo Pagel |
Participants | Jannik Hollenbach, Daniel Garcia (cr0hn), David Jensen, Dinis Cruz, Pedro Laguna, Peter Turczak, Ruben Tronçon |
Awareness of security challenges is crucial for delivering high-quality software. This awareness has to be fostered and applied continuously.
Why
The secureCodeBox provides an open source toolchain for continuous security scanning of your applications. It helps you find low-hanging-fruit issues early in the development process, freeing human penetration testers to concentrate on the major security issues. Under the hood we use well-known, open source security scanners such as OWASP ZAP, Arachni, Nmap, Nikto and SSLyze. What sets the solution apart is how readily it integrates into existing build processes, which we will show in a live demonstration.
What
The goal of this User Session is to teach participants how they can integrate security tools into their continuous delivery pipeline based on the open source project secureCodeBox. The project aims to reduce the time needed to bootstrap your environment with a bunch of security tools.
Outcomes
- Participants can see a demo setup from start to finish. Since this is all open source and part of the secureCodeBox project, attendees can try this for their own pipeline.
- We are highly interested in your feedback and ideas about the project. How can we improve it?
- Are you interested in getting involved? Help to spread the idea and help it grow.
Who
The target audience for this Working Session is:
- Developers
- Security professionals
- DevSecOps professionals
Register as participant
To register as participant add "secureCodeBox - How to improve your CI/CD pipeline with automated security tests" to either:
- the sessions metadata field from your participant's page (find your participant page and look for the edit link).
- or the participants metadata field from this git session page