Explore methods for calculating and tracking web application attack surface evolution in this 27-minute conference talk from AppSec EU 2017. Dive into techniques for integrating security testing into CI/CD pipelines, focusing on metrics and thresholds for DevOps practices. Learn about manual testing, hybrid analysis mapping, and dynamic application security testing. Discover how to use commandline client scans, analyze changes over time and between commits, detect new attack surfaces, and identify potential vulnerabilities in GitHub repositories. Gain valuable insights on optimizing security testing activities and effectively monitoring your application's attack surface to enhance overall security posture.
Monitoring Attack Surface and Integrating Security into DevOps Pipelines
Overview
Syllabus
Intro
Agenda
Background
OAuth Zap
Example Code Base
Attack Surface and DevOps
Manual Testing
Hybrid Analysis Mapping
Dynamic Application Security Testing
Commandline Client
Scans
Looking over time
Looking between commits
Viewing files impacted by commits
Detecting new attack surface
Github repository
Identifying the attack surface
Taught by
OWASP Foundation
Related Courses
-
DevSecOps: Adding Security Testing Tools to Pipelines
-
Monitoring Application Attack Surface and Integrating Security into DevOps Pipelines
-
Monitoring Attack Surface and Integrating Security into DevOps Pipelines
-
Mapping CI/CD Attack Surfaces - Strategies and Insights
-
Improving Penetration Testing Efficiency with OWASP Code Pulse and Attack Surface Detector
-
Monitoring Application Attack Surface to Integrate Security into DevOps Pipelines
