This talk covers: What is OWASP PurpleTeam? Why you would want it in your build pipelines. How you go about setting it up? What the work-flows look like, along with the recent donation of the cloud environment to OWASP.
This talk covers: What is OWASP PurpleTeam? Why you would want it in your build pipelines. How you go about setting it up? What the work-flows look like.
This talk covers: What is OWASP PurpleTeam? Why you would want it in your build pipelines. How you go about setting it up? What the work-flows look like.
This talk covers: What is OWASP PurpleTeam? Why you would want it in your build pipelines. How you go about setting it up? What the work-flows look like.
This talk covers: What is OWASP PurpleTeam? Why you would want it in your build pipelines. How you go about setting it up? What the work-flows look like.
Developers / Engineers know that a build pipeline is an essential part of creating robust and reliable software, but what to put in it? This talk covers the creation of purpleteam from PoC to Alpha release, and why it’s an ideal fit for the security regression testing slot of your build pipeline.
The security defaults of Docker are designed to get you up and running (“just work”) quickly, rather than being the most secure. There are many default configurations that can be improved upon. In this talk Kim will walk through improving the security of Docker hosts, containers, networking and deployments.
The OWASP ZAP HTTP intercepting proxy is useful for manually attacking your Web apps and APIs. Now, we have the official Node API to programatically drive ZAP to regression test our creations. Kim will show you how to build a fully featured security regression testing CLI, consumable by your CI/nightly builds.