DAST with OWASP purpleteam

Abstract

Kim Carter of BinaryMist discusses dynamic application security testing (DAST) and how the OWASP purpleteam project can improve early defect detection. Host Justin Beyer spoke with Carter about how DAST can provide meaningful feedback loops to developers to improve code quality and push penetration testing to the detection of higher-level vulnerabilities. They also discussed how the OWASP purpleteam project fills a gap in the open source DAST space. While discussing purpleteam, they dove into the project’s underlying architecture, such as how it leverages the Zed Attack Proxy (ZAP) project to detect the actual vulnerabilities in the application. There was also a discussion on how to integrate DAST into your software deployment pipelines.

Publication
Software Engineering Radio (SER) Episode 467, IEEE.

Kim Carter
Technologist / Engineer, Information Security Professional

Technologist / Engineer, Information Security Professional, Entrepreneur and the founder of BinaryMist Ltd and PurpleTeam-Labs. Ex OWASP NZ Chapter Leader of eight years. Certified Scrum Master. Facilitator, mentor and motivator of cross-functional, self-managing teams, with a solid 20 years of commercial industry experience across many domains.