Chimera - Securing a Cloud App Ecosystem with ZAP at Scale

Explore a conference talk from AppSecUSA 2015 that delves into the challenges of securing a cloud application ecosystem with software developed by Independent Software Vendors (ISVs) and developers. Learn about Chimera, a project aimed at making security scanning more accessible for small developers and ISVs without dedicated security teams. Discover how the Salesforce AppExchange, with over 2,650 apps, tackles the complex task of maintaining security across its vast ecosystem. Gain insights into using the Heroku platform to deploy ZAP and other industry-standard tools at scale, making them available to developers with no security expertise. Understand the importance of shared responsibility in ecosystem security and how Chimera facilitates this approach. Explore the potential of using data collected by ZAP in the cloud to predict future vulnerabilities within the scanned ecosystem.