Learn about scaling security assessment in DevOps environments through this conference talk from AppSecUSA 2016. Explore the challenges of integrating security testing into rapid development cycles and discover Norad, a distributed security testing framework. Understand how Norad automates multiple security tools, aggregates results, and provides an SDK for community-developed test content. Gain insights into the framework's design philosophy, architecture, and practical usage. Delve into topics such as testability, scalability, and accessibility of security requirements in modern software development. Follow along as speakers from Cisco demonstrate how to address security gaps in continuous deployment scenarios and empower engineers with accessible security tools and results.
Scaling Security Assessment for DevOps - Norad Framework Introduction
Overview
Syllabus
Intro
Core Team
Development Trends (Cisco)
Security Testing is Hard
Deployment Models
Architecture: General
AWS Demo Network
Norad Terminology
Architecture: Public Scan
Architecture: Relay
Relay Connectivity Requirements
Enterprise (Dev-Box too)
Security Tests: Overview
Security Tests: Creation
Security Tests: Dockerfile
Security Tests: manifest.yml
Security Tests: Documentation NORAD
Security Tests: Readme.md
Security Tests: Wrapper Script
Security Tests: Unit Testing
Security Tests: Unit Test Targets
Test Content Examples
Security Tests: Serverspec
Documentation: API
Documentation: Relay
Open Source
Taught by
OWASP Foundation
