Monitoring Attack Surface and Integrating Security into DevOps Pipelines

OWASP Foundation via YouTube

Overview

Explore methods for calculating and tracking web application attack surface evolution in this 27-minute conference talk from AppSec EU 2017. Dive into techniques for integrating security testing into CI/CD pipelines, focusing on metrics and thresholds for DevOps practices. Learn about manual testing, hybrid analysis mapping, and dynamic application security testing. Discover how to use command-line client scans, analyze changes over time and between commits, detect new attack surfaces, and identify potential vulnerabilities in GitHub repositories. Gain valuable insights on optimizing security testing activities and effectively monitoring your application's attack surface to enhance overall security posture.

Syllabus

Intro
Agenda
Background
OAuth Zap
Example Code Base
Attack Surface and DevOps
Manual Testing
Hybrid Analysis Mapping
Dynamic Application Security Testing
Command-line Client
Scans
Looking over time
Looking between commits
Viewing files impacted by commits
Detecting new attack surface
GitHub repository
Identifying the attack surface

Taught by

OWASP Foundation
