Talk - Purple Teaming with OWASP purpleteam


PurpleTeam is a security regression testing CLI and SaaS targeting Web applications and APIs. The CLI is specifically targeted at sitting within your build pipelines but can also be run manually. The SaaS that does the security testing of your applications and/or APIs can be deployed anywhere.

Oct 29, 2021 16:00 PM — 16:30 PM
Virtual Online
Kim Carter

Kim will briefly discuss the three year journey that has brought purpleteam from a proof of concept (PoC) to where it is now.

An overview of the NodeJS micro-services with a pluggable tester architecture will be provided.

Why would I want it in my build pipelines?

In this section Kim will discus the problem that purpleteam solves, along with the cost savings of finding and fixing your application security defects early (as you’re introducing them) as opposed to late (weeks months later with external penetration testing) or not at all.

OK, I want it, how do I set it up?

Kim will walk you through all of the components and how to get them set-up and configured

Great, but what do the work flows look like?

Let’s walk through the different ways purpleteam can be run and utilised, such as:

  • Running purpleteam standalone (with UI)
  • Running purpleteam from within your pipelines as a spawned sub process (headless: without UI)
  • Running all of the purpleteam components, including debugging each and every one of them if and when the need arises

Kim Carter
Kim Carter
Technologist / Engineer, Information Security Professional

Technologist / Engineer, Information Security Professional, Entrepreneur and the founder of BinaryMist Ltd and PurpleTeam-Labs. Ex OWASP NZ Chapter Leader of eight years. Certified Scrum Master. Facilitator, mentor and motivator of cross functional, self managing teams. With a solid 20 years of commercial industry experience across many domains.