Developers / Engineers know that a build pipeline is an essential part of creating robust and reliable software, but what to put in it? This talk covers the creation of PurpleTeam from PoC to Alpha release, and why it’s an ideal fit for the security regression testing slot of your build pipeline.
Let me take you on the journey of trials, errors, and lessons learnt from getting a web app/API security regression testing proof of concept (PoC) to the next stage (alpha release).
In 2019, I gave a talk at OWASP New Zealand Day on a security regression testing PoC I had developed based on developer feedback. Since then, on top of a normal day job, I’ve been working on this project with every spare minute of time.
Let’s walk through the:
local: you set up all the purpleteam micro-services on your own machine or within your network.
cloud: all set-up is done for you, just create a job file and run it.
cloud. Lambda functions (local and cloud). Redis pub/sub and lists, along with Server Sent Events for messaging. Many AWS services. Terraform and Terragrunt for IaC.

We will then discuss the next steps for PurpleTeam, and how you can start using - and contributing to it if it’s missing something you need.