Syllabus
Intro
Why Security DevOps?
Four different axes
Let's explore these axes
Axis of "Dynamic Depth"
Axis "Dynamic Depth": Level 1
ZAP in SecDevOps?
ZAP + Jenkins = SecDevOps?
BDD-Security in SecDevOps?
Gauntlt in SecDevOps?
Axis "Dynamic Depth": Level 2
Guide ZAP into Post-Auth in CI
Guide Arachni into Post-Auth
Guide BDD-Security into Post-Auth
Axis "Dynamic Depth": Level 3
Backend scans with ZAP
Backend scans with Arachni
Axis "Dynamic Depth": Level 4
ZAP with special workflows (2/3)
ZAP with special workflows (3/3)
BDD with special workflows
If no Selenium test code exists!
Axis of "Static Depth"
Axis of "Intensity"
Axis of "Consolidation"
Axis "Consolidation": Level 1
Axis "Consolidation": Level 2
Flagging builds from reports
Axis "Consolidation": Level 3
Axis "Consolidation": Level 4
Code coverage analysis
Taught by
OWASP Foundation