OWASP DevSecOps Studio

Track: DevSecOps
When: Wed AM-1
Where: Maulden
Organizers Imran Mohammed A Imran Mohammed A
Participants Francois Raynaud Francois Raynaud , Dominik de Smit Dominik de Smit , Manuel Jeckelmann Manuel Jeckelmann , Onkar Dhane , Stephen Hookings Stephen Hookings , Luis Saiz Luis Saiz , Daniel Garcia , Claudio Camerino Claudio Camerino , Mario Platt Mario Platt , Franziska Buehler Franziska Buehler , Abhinav Sejpal Abhinav Sejpal , Avi Douglen Avi Douglen , Daniel Garcia (cr0hn) Daniel Garcia (cr0hn) , Imran Chaudhari Imran Chaudhari , Matt Pendlebury Matt Pendlebury , Sven Schleier Sven Schleier , Tanya Janca Tanya Janca
Remote Participants Abdullah Garcia Abdullah Garcia , Andrew Martin Andrew Martin , Cao Wei Cao Wei , Domenico Malorni Domenico Malorni , Ernesto Bethencourt Ernesto Bethencourt , Ethan Schorer Ethan Schorer , Guy Jarvis Guy Jarvis , Jaysen Naidoo Jaysen Naidoo , MrsYisWhy MrsYisWhy , Mustaqiim Muhar Mustaqiim Muhar , Nicholas Tait Nicholas Tait , Omer Levi Hevroni Omer Levi Hevroni , Raghunath G Raghunath G , Sophie Tonnoir Sophie Tonnoir , Vinod Anandan Vinod Anandan

DevSecOps Studio is one of its kind, self contained DevSecOps environment/distribution to help individuals in learning DevSecOps concepts. It takes lots of efforts to setup the environment for training/demos and more often, its error prone when done manually. DevSecOps Studio is easy to get started, mostly automatic and battle tested during our Free Practical DevSecOps Course at https://www.teachera.io/devsecops-course/

Why and What

DevSecOps Studio project aims to reduce the time to bootstrap the environment and help you in concentrating on learning/teaching DevSecOps practices with the following features.

Easy to setup environment with just one command “vagrant up”
Teaches Security as Code, Compliance as Code, Infrastructure as Code
With built-in support for CI/CD pipeline
OS hardening using ansible
Compliance as code using Inspec
QA security using ZAP, BDD-Security and Gauntlt
Static tools like bandit, brakeman, windbags, gitrob, gitsecrets
Security Monitoring using ELK stack

Outcomes

Add DevSecOps Integra into DevSecOps Studio Add new DevSecOps tools to Studio Add more Documentation to the project’s wiki - https://github.com/teacheraio/DevSecOps-Studio/wiki Improve tests for edge cases More details are available at https://github.com/teacheraio/DevSecOps-Studio/projects/1

Who

The target audiences for this Working Session are: - Security professionals - DevSecOps professionals - Developers - Security champions - Security aware individual and companies

Working materials

https://github.com/teacheraio/DevSecOps-Studio https://dso-studio.teachera.io/

Register as participant

To register as participant add OWASP DevSecOps Studio to either:

  1. the sessions metadata field from your participant's page (find your participant page and look for the edit link).
  2. or the participants metadata field from this git session page


Back to list of all Working Sessions