OWASP Defect Dojo

Track: DevSecOps
When: Tue AM-1
Where: Maulden
Organizers Imran Mohammed A Imran Mohammed A , Manuel Jeckelmann Manuel Jeckelmann
Participants Francois Raynaud Francois Raynaud , Franziska Buehler Franziska Buehler , Abhinav Sejpal Abhinav Sejpal , Jonas Vanalderweireldt Jonas Vanalderweireldt , Manuel Jeckelmann Manuel Jeckelmann , Paul Dubourg Paul Dubourg , Peter Turczak Peter Turczak , Radu Tighineanu Radu Tighineanu , Sven Schleier Sven Schleier , Tanya Janca Tanya Janca
Remote Participants Cao Wei Cao Wei , Ernesto Bethencourt Ernesto Bethencourt , Harmeet Singh Harmeet Singh , MrsYisWhy MrsYisWhy , Mustaqiim Muhar Mustaqiim Muhar , Sophie Tonnoir Sophie Tonnoir , Sugumaran Uppili Sugumaran Uppili

An open source vulnerability management tool that streamlines the testing process by offering templating, report generation, metrics, and baseline self-service tools.

DefectDojo is a tracking tool written in Python / Django. DefectDojo was created in 2013 and open-sourced on March 13th, 2015. The project was started to make optimizing vulnerability tracking less painful. The top goal of DefectDojo is to reduce the amount of time security professionals spend logging vulnerabilities. DefectDojo accomplishes this by offering a templating system for vulnerabilities, imports for common vulnerability scanners, report generation, and metrics.

Why and What

DefectDojo streamlines the security testing process through several ‘models’ that an admin can manipulate with Python code. More and more organizations are using Defect Dojo as their go-to tool for vulnerability management. Hence, its important to maintain the project with latest technology trends like API first, Github Issue support, uniform deployment strategy and many more modern features. This working session aims to discuss and add new features to Defect Dojo.

Outcomes

Add Scan Integration 2.0, which is focused on shifting our integration with uploads to APIs Test new API v2 to cover all use cases Add the ability for Dojo to check for and apply updates. Add support for Github Issues A more readable code base with pep8 standards More details are available at https://github.com/DefectDojo/django-DefectDojo/projects/5

Who

The target audiences for this Working Session are: - Security professionals - DevSecOps professionals - Developers - Security champions - Security aware individual and companies

Working materials

https://github.com/DefectDojo/django-DefectDojo https://www.owasp.org/index.php/OWASP_DefectDojo_Project

Register as participant

To register as participant add OWASP Defect Dojo to either:

  1. the sessions metadata field from your participant's page (find your participant page and look for the edit link).
  2. or the participants metadata field from this git session page


Back to list of all Working Sessions