Getting Security Up to Speed with CI - CD

LASCON via YouTube

Overview

Explore a 40-minute conference talk from LASCON 2015 that delves into integrating security practices with Continuous Integration and Continuous Deployment (CI/CD) processes. Learn how Samsung's OpenCloud team developed a Threadfix-Centric Application Security Architecture to automate security testing. Discover why traditional AppSec approaches need updating, how security testing differs from QA testing, and the considerations for building a security automation framework. Gain insights into Threadfix's role beyond being a security dashboard and understand the core components of effective security implementation. Additionally, find out how to leverage QA regression tests to enhance AppSec testing coverage. The talk covers topics such as threat modeling, challenges in implementation, creating accounts and applications, configuring scans, utilizing tools like Zap proxy, and managing defects and issues in the CI/CD pipeline.

Syllabus

Intro
Threat Modeling
Big Bang
Challenges
Solution
Introduction
Create Account
Create Payment Application
Visit Application
Set Defect Tracker
Install Zap
Configure scans for web applications
Scan jobs
Bscan
QA regression
Payment regression
Zap proxy
Configure QA regression
Create XML file
Tools
Create a Defect
File Issues
Ticket Updates
Scanners
Security Transformation

Taught by

LASCON
