Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Scaling Security Assessment for DevOps - Norad Framework Introduction

OWASP Foundation via YouTube

Overview

Learn about scaling security assessment in DevOps environments through this conference talk from AppSecUSA 2016. Explore the challenges of integrating security testing into rapid development cycles and discover Norad, a distributed security testing framework. Understand how Norad automates multiple security tools, aggregates results, and provides an SDK for community-developed test content. Gain insights into the framework's design philosophy, architecture, and practical usage. Delve into topics such as testability, scalability, and accessibility of security requirements in modern software development. Follow along as speakers from Cisco demonstrate how to address security gaps in continuous deployment scenarios and empower engineers with accessible security tools and results.

Syllabus

Intro
Core Team
Development Trends (Cisco)
Security Testing is Hard
Deployment Models
Architecture: General
AWS Demo Network
Norad Terminology
Architecture: Public Scan
Architecture: Relay
Relay Connectivity Requirements
Enterprise (Dev-Box too)
Security Tests: Overview
Security Tests: Creation
Security Tests: Dockerfile
Security Tests: manifest.yml
Security Tests: Documentation NORAD
Security Tests: Readme.md
Security Tests: Wrapper Script
Security Tests: Unit Testing
Security Tests: Unit Test Targets
Test Content Examples
Security Tests: Serverspec
Documentation: API
Documentation: Relay
Open Source

Taught by

OWASP Foundation

Reviews

Start your review of Scaling Security Assessment for DevOps - Norad Framework Introduction

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.