The security defaults of Docker are designed to get you up and running (“just work”) quickly, rather than to be as secure as possible. There are many default configurations that can be improved upon. In this talk Kim will walk through improving the security of Docker hosts, containers, networking and deployments.
The OWASP ZAP HTTP intercepting proxy is useful for manually attacking your Web apps and APIs. Now, we have the official Node API to programmatically drive ZAP to regression test our creations. Kim will show you how to build a fully featured security regression testing CLI, consumable by your CI/nightly builds.
The ninth conference of its kind.
Dedicated to information security, with an emphasis on secure architecture and development techniques to help Kiwi developers build more secure applications.
At OWASP NZ Day: What are we doing with all the characters that get shoved into our applications? Have we considered every potential execution context?