Explore the critical intersection of cybersecurity and DevOps in this 45-minute conference talk from LASCON 2016. Delve into the concept of attack surface monitoring and learn effective strategies for seamlessly integrating security measures into DevOps pipelines. Examine the balance between automated and manual testing approaches, with a focus on Dynamic Application Security Testing (DAST). Discover techniques for merging static and dynamic results to enhance overall security posture. Gain insights into the challenges faced in this domain and witness a practical demonstration of relevant tools, plugins, and visualization techniques. Conclude by understanding key metrics for measuring the success of security integration in DevOps environments.
Monitoring Attack Surface and Integrating Security into DevOps Pipelines
Overview
Syllabus
Introduction
Attack Surface and DevOps
Automation vs Manual Testing
Dynamic Application Security Testing
Merge Static and Dynamic Results
Why is this a problem
Demo
Plugins
Visualization
Metrics
Taught by
LASCON
Related Courses
-
Monitoring Attack Surface and Integrating Security into DevOps Pipelines
-
Application Security for Developers and DevOps Professionals
-
DevSecOps Fundamentals
-
Monitoring Application Attack Surface and Integrating Security into DevOps Pipelines
-
The ABCs of Source-Assisted Web Application Penetration Testing
-
Improving Penetration Testing Efficiency with OWASP Code Pulse and Attack Surface Detector
