Explore strategies for building a secure DevOps pipeline in this 43-minute conference talk from AppSecUSA 2017. Learn how to adapt AppSec programs to keep pace with rapid software development using automation, continuous health checks, and event-based security. Discover real-world examples and statistics from companies with 4,000 to 40,000+ employees who have successfully implemented these approaches. Gain insights on leveraging Docker for horizontal scaling of security work and aligning AppSec with DevOps, Agile, and Continuous Delivery methodologies. Cover key topics including AppSec Pipeline, DevOps changes, pipeline features, automation tools, ChatOps, and case studies from two companies' pipeline implementations.
Overview
Syllabus
Introduction
AppSec Pipeline
Trains
Travel
Trains Change
DevOps Changes
Meeting in the Middle
Pipelines
Key Features
Pipeline
DevOps Handbook
AppSec Team
Wasp
Defect Dojo
Rap
Automation
Chat Ops
Never get success
Ask the bots
Push to S3
ChatOps
Security Tests
Security Test
Case Studies
Pipeline Company 1
Pipeline Company 2
Taught by
OWASP Foundation
Related Courses
-
AppSec Pipelines and Event-based Security - Moving Beyond a Traditional Security Test
-
AppSec++ - Taking the Best of Agile, DevOps, and CI/CD into Your AppSec Program
-
DevOps Capstone Project
-
AZ-400: Implement a secure continuous deployment using Azure Pipelines
-
Doing AppSec at Scale - DevOps + Agile + CI/CD == AppSec Pipelines
-
Taking AppSec to 11: Pipelines, DevOps and Making Things Better
