Robots with Pentest Recipes - Automating Security Testing in DevOps
Overview
Explore a 40-minute conference talk from APPSEC Cali 2018 that addresses the challenges faced by Application Security teams in continuous delivery environments. Learn how the Robot Framework can be leveraged to create and execute security testing recipes, integrating various security tools like OWASP ZAP, Nmap, and Nessus under a common fabric. Discover how this approach enables easier security testing across different environments, allowing various teams to author security testing pipelines with minimal involvement from stretched AppSec teams. Gain insights into the open-source libraries developed for popular security tools, which can be invoked using simple test syntax. Understand how this method can be used to run automated pentests, complete with recon, mapping, and vulnerability discovery phases. The talk, presented by Abhay Bhargav, CTO of we45, covers topics such as Security in DevOps, automation challenges, and practical demonstrations of security use cases using the Robot Framework.
Syllabus
Intro
Overview
Security in DevOps
Security Challenges
Automation Challenges
Solutions
Robot Framework
Why we like it
Demo
Security Use Cases
Selenium Script
Taught by
OWASP Foundation