Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Test Driven Security in the DevOps Pipeline

OWASP Foundation via YouTube

Overview

Explore Test Driven Security in the DevOps pipeline through this 42-minute conference talk from AppSecUSA 2017. Learn how to implement a baseline of security controls and test them continuously within the deployment process. Discover the benefits of writing security tests first, including clarified expectations, specific and testable controls, high reusability, and real-time detection of security regressions. Gain insights into practical examples such as implementing Content Security Policy, CSRF token requirements, and SSH root login restrictions. Understand how this approach, similar to Test Driven Development, can help catch vulnerabilities early and improve overall security posture. Follow along as the speaker, Julien Vehent, Firefox Operations Security Lead at Mozilla, shares his expertise in web application security and services architecture.

Syllabus

Intro
Julien Vehent
Vulnerabilities by type
Bug Bounty payouts
A DevOps pipeline
Test Driven Security
Define a Security baseline
1. Writing a Security checklist
Test the baseline
2.1 ZAP Baseline scanning
2.2 Static code analysis
2.3 Security group testing
2.3 Security testing
2.4 TLS Quality
Gating prod deploys
Does it work?

Taught by

OWASP Foundation

Reviews

Start your review of Test Driven Security in the DevOps Pipeline

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.