SlideShare uma empresa Scribd logo

Owasp glue

Transferir como PPTX, PDF
Soluto
Soluto

We all know that running security tests on a CI can gives us a lot of value. And we all know already a few good security tools that we are running or planning to run continuously to ensure our app stays secure. But integrating those tools into the CI is not a simple task. Each one of those tools has it's own API and does not always support all the features we want. For example, we might want to report the finding of each tools as TeamCity tests, or maybe we are using Jira and want to open a new issue for each finding. And what about filtering false positives? Any automated tool will produce false positive findings, but how can we filter them? In this talk I'll demo OWASP Glue - a tool that aims to ease the integration of various security tools into the CI/CD pipeline. The talk was presented on DevSecOps meetup

Tecnologia
1 de 25
OWASP Glue @omerlh #MeetupAtSoluto April 2018
Why another security tool?
Story Time
https://www.slashgear.com/petya-ransomware-finally-has-a-fix-no-need-to-pay-ransom-12435885/
I should’ve read that report...
Let’s add some Glue
OWASP Glue ● Ease the integration of secure tools ● ”DevSecOps Tool” ● OWASP Open Source Project
Task Target Findings
Findings Filter Report
Currently Supported Tasks ● brakeman ● bundleaudit ● checkmarx ● clamav ● dawnscanner ● eslint ● fim ● findsecbugs ● nsp ● owasp-dep-check ● pmd ● retirejs ● scanjs ● sfl ● sync ● snyk ● OWASP zap
Running Glue OmerL-Mac$ docker run -it soluto/glue:17 glue -h
”DevSecOps tool” ● Quick win ● Break the build or it doesn’t happen ● Handling false positive ● Keep it DRY
Example from our production TeamCity
Wrap Up ● OWASP Glue ● ”DevSecOps tool” ● Using Glue
What Glue can do for YOU? @omerlh
Moment for Gratitude ● Matt Konda ● Alex Lock ● Rafa Perez
Acknowledgment ● Glue is an OWASP project ● Not active in the past year ● Temporary Maintained by Soluto (fork) ● Actively used by Soluto ● Hope to merge back to master
Now You Can Rest
Questions?
Thank You @omerlh #MeetupAtSoluto

Recomendados

DevSecOps
DevSecOpsDevSecOps
DevSecOpsCheah Eng Soon
 
DevSecOps 101
DevSecOps 101DevSecOps 101
DevSecOps 101Narudom Roongsiriwong, CISSP
 
DevSecOps OWASP
DevSecOps OWASPDevSecOps OWASP
DevSecOps OWASPPriyanka Raghavan
 
Security Testing for Containerized Applications
Security Testing for Containerized ApplicationsSecurity Testing for Containerized Applications
Security Testing for Containerized ApplicationsSoluto
 
DevSecOps Fundamentals and the Scars to Prove it.
DevSecOps Fundamentals and the Scars to Prove it.DevSecOps Fundamentals and the Scars to Prove it.
DevSecOps Fundamentals and the Scars to Prove it.Matt Tesauro
 
Practical DevSecOps Course - Part 1
Practical DevSecOps Course - Part 1Practical DevSecOps Course - Part 1
Practical DevSecOps Course - Part 1Mohammed A. Imran
 
2019 DevSecOps Reference Architectures
2019 DevSecOps Reference Architectures2019 DevSecOps Reference Architectures
2019 DevSecOps Reference ArchitecturesSonatype
 
Dev secops. Real experience.
Dev secops. Real experience.Dev secops. Real experience.
Dev secops. Real experience.Vitaly Balashov
 

Recomendados

DevSecOps
DevSecOpsDevSecOps
DevSecOpsCheah Eng Soon
 
DevSecOps 101
DevSecOps 101DevSecOps 101
DevSecOps 101Narudom Roongsiriwong, CISSP
 
DevSecOps OWASP
DevSecOps OWASPDevSecOps OWASP
DevSecOps OWASPPriyanka Raghavan
 
Security Testing for Containerized Applications
Security Testing for Containerized ApplicationsSecurity Testing for Containerized Applications
Security Testing for Containerized ApplicationsSoluto
 
DevSecOps Fundamentals and the Scars to Prove it.
DevSecOps Fundamentals and the Scars to Prove it.DevSecOps Fundamentals and the Scars to Prove it.
DevSecOps Fundamentals and the Scars to Prove it.Matt Tesauro
 
Practical DevSecOps Course - Part 1
Practical DevSecOps Course - Part 1Practical DevSecOps Course - Part 1
Practical DevSecOps Course - Part 1Mohammed A. Imran
 
2019 DevSecOps Reference Architectures
2019 DevSecOps Reference Architectures2019 DevSecOps Reference Architectures
2019 DevSecOps Reference ArchitecturesSonatype
 
Dev secops. Real experience.
Dev secops. Real experience.Dev secops. Real experience.
Dev secops. Real experience.Vitaly Balashov
 
DevSecOps - The big picture
DevSecOps - The big pictureDevSecOps - The big picture
DevSecOps - The big pictureDevSecOpsSg
 
DevSecCon London 2017: Threat modeling in a CI environment by Steven Wierckx
DevSecCon London 2017: Threat modeling in a CI environment by Steven WierckxDevSecCon London 2017: Threat modeling in a CI environment by Steven Wierckx
DevSecCon London 2017: Threat modeling in a CI environment by Steven WierckxDevSecCon
 
DevSecCon London 2017: Shift happens ... by Colin Domoney
DevSecCon London 2017: Shift happens ... by Colin Domoney DevSecCon London 2017: Shift happens ... by Colin Domoney
DevSecCon London 2017: Shift happens ... by Colin Domoney DevSecCon
 
Ast in CI/CD by Ofer Maor
Ast in CI/CD by Ofer MaorAst in CI/CD by Ofer Maor
Ast in CI/CD by Ofer MaorDevSecCon
 
8 Tips for Deploying DevSecOps
8 Tips for Deploying DevSecOps8 Tips for Deploying DevSecOps
8 Tips for Deploying DevSecOpsFelicia Haggarty
 
DevSecCon London 2017: How far left do you want to go with security? by Javie...
DevSecCon London 2017: How far left do you want to go with security? by Javie...DevSecCon London 2017: How far left do you want to go with security? by Javie...
DevSecCon London 2017: How far left do you want to go with security? by Javie...DevSecCon
 
Barriers to Container Security and How to Overcome Them
Barriers to Container Security and How to Overcome ThemBarriers to Container Security and How to Overcome Them
Barriers to Container Security and How to Overcome ThemWhiteSource
 
The Rise of DevSecOps - Fabian Lim - DevSecOpsSg
The Rise of DevSecOps - Fabian Lim - DevSecOpsSgThe Rise of DevSecOps - Fabian Lim - DevSecOpsSg
The Rise of DevSecOps - Fabian Lim - DevSecOpsSgDevSecOpsSg
 
DevSecCon London 2017: when good containers go bad by Tim Mackey
DevSecCon London 2017: when good containers go bad by Tim MackeyDevSecCon London 2017: when good containers go bad by Tim Mackey
DevSecCon London 2017: when good containers go bad by Tim MackeyDevSecCon
 
DevSecOps Singapore 2017 - Security in the Delivery Pipeline
DevSecOps Singapore 2017 - Security in the Delivery PipelineDevSecOps Singapore 2017 - Security in the Delivery Pipeline
DevSecOps Singapore 2017 - Security in the Delivery PipelineJames Wickett
 
DevSecOps: Bringing security to the DevOps pipeline
DevSecOps: Bringing security to the DevOps pipelineDevSecOps: Bringing security to the DevOps pipeline
DevSecOps: Bringing security to the DevOps pipelineAarno Aukia
 
Automating Security Compliance on AWS with DevSecOps
Automating Security Compliance on AWS with DevSecOpsAutomating Security Compliance on AWS with DevSecOps
Automating Security Compliance on AWS with DevSecOpsTushar Gupta
 
DevOps or DevSecOps
DevOps or DevSecOpsDevOps or DevSecOps
DevOps or DevSecOpsMichelangelo van Dam
 
Using jira to manage risks v1.0 - owasp app sec eu - june 2016
Using jira to manage risks v1.0 - owasp app sec eu - june 2016Using jira to manage risks v1.0 - owasp app sec eu - june 2016
Using jira to manage risks v1.0 - owasp app sec eu - june 2016Dinis Cruz
 
DevOps and DevSecOps, Incident Management
DevOps and DevSecOps, Incident ManagementDevOps and DevSecOps, Incident Management
DevOps and DevSecOps, Incident ManagementShriniKulkarni
 
A Secure DevOps Journey
A Secure DevOps JourneyA Secure DevOps Journey
A Secure DevOps JourneySonatype
 
Security in a Continuous Delivery World
Security in a Continuous Delivery WorldSecurity in a Continuous Delivery World
Security in a Continuous Delivery WorldDinis Cruz
 
Introducing DevSecOps by Madhu Akula - Software Security Bangalore - May 27 2...
Introducing DevSecOps by Madhu Akula - Software Security Bangalore - May 27 2...Introducing DevSecOps by Madhu Akula - Software Security Bangalore - May 27 2...
Introducing DevSecOps by Madhu Akula - Software Security Bangalore - May 27 2...SecureSoftwareDevOn SecureSoftwareDevOn
 
DevSecOps What Why and How
DevSecOps What Why and HowDevSecOps What Why and How
DevSecOps What Why and HowNotSoSecure Global Services
 
[DevSecOps Live] DevSecOps: Challenges and Opportunities
[DevSecOps Live] DevSecOps: Challenges and Opportunities[DevSecOps Live] DevSecOps: Challenges and Opportunities
[DevSecOps Live] DevSecOps: Challenges and OpportunitiesMohammed A. Imran
 
The State of the Veil Framework
The State of the Veil FrameworkThe State of the Veil Framework
The State of the Veil FrameworkVeilFramework
 
Security Testing with Zap
Security Testing with ZapSecurity Testing with Zap
Security Testing with ZapSoluto
 

Mais conteúdo relacionado

Mais procurados

DevSecOps - The big picture
DevSecOps - The big pictureDevSecOps - The big picture
DevSecOps - The big pictureDevSecOpsSg
 
DevSecCon London 2017: Threat modeling in a CI environment by Steven Wierckx
DevSecCon London 2017: Threat modeling in a CI environment by Steven WierckxDevSecCon London 2017: Threat modeling in a CI environment by Steven Wierckx
DevSecCon London 2017: Threat modeling in a CI environment by Steven WierckxDevSecCon
 
DevSecCon London 2017: Shift happens ... by Colin Domoney
DevSecCon London 2017: Shift happens ... by Colin Domoney DevSecCon London 2017: Shift happens ... by Colin Domoney
DevSecCon London 2017: Shift happens ... by Colin Domoney DevSecCon
 
Ast in CI/CD by Ofer Maor
Ast in CI/CD by Ofer MaorAst in CI/CD by Ofer Maor
Ast in CI/CD by Ofer MaorDevSecCon
 
8 Tips for Deploying DevSecOps
8 Tips for Deploying DevSecOps8 Tips for Deploying DevSecOps
8 Tips for Deploying DevSecOpsFelicia Haggarty
 
DevSecCon London 2017: How far left do you want to go with security? by Javie...
DevSecCon London 2017: How far left do you want to go with security? by Javie...DevSecCon London 2017: How far left do you want to go with security? by Javie...
DevSecCon London 2017: How far left do you want to go with security? by Javie...DevSecCon
 
Barriers to Container Security and How to Overcome Them
Barriers to Container Security and How to Overcome ThemBarriers to Container Security and How to Overcome Them
Barriers to Container Security and How to Overcome ThemWhiteSource
 
The Rise of DevSecOps - Fabian Lim - DevSecOpsSg
The Rise of DevSecOps - Fabian Lim - DevSecOpsSgThe Rise of DevSecOps - Fabian Lim - DevSecOpsSg
The Rise of DevSecOps - Fabian Lim - DevSecOpsSgDevSecOpsSg
 
DevSecCon London 2017: when good containers go bad by Tim Mackey
DevSecCon London 2017: when good containers go bad by Tim MackeyDevSecCon London 2017: when good containers go bad by Tim Mackey
DevSecCon London 2017: when good containers go bad by Tim MackeyDevSecCon
 
DevSecOps Singapore 2017 - Security in the Delivery Pipeline
DevSecOps Singapore 2017 - Security in the Delivery PipelineDevSecOps Singapore 2017 - Security in the Delivery Pipeline
DevSecOps Singapore 2017 - Security in the Delivery PipelineJames Wickett
 
DevSecOps: Bringing security to the DevOps pipeline
DevSecOps: Bringing security to the DevOps pipelineDevSecOps: Bringing security to the DevOps pipeline
DevSecOps: Bringing security to the DevOps pipelineAarno Aukia
 
Automating Security Compliance on AWS with DevSecOps
Automating Security Compliance on AWS with DevSecOpsAutomating Security Compliance on AWS with DevSecOps
Automating Security Compliance on AWS with DevSecOpsTushar Gupta
 
Using jira to manage risks v1.0 - owasp app sec eu - june 2016
Using jira to manage risks v1.0 - owasp app sec eu - june 2016Using jira to manage risks v1.0 - owasp app sec eu - june 2016
Using jira to manage risks v1.0 - owasp app sec eu - june 2016Dinis Cruz
 
DevOps and DevSecOps, Incident Management
DevOps and DevSecOps, Incident ManagementDevOps and DevSecOps, Incident Management
DevOps and DevSecOps, Incident ManagementShriniKulkarni
 
A Secure DevOps Journey
A Secure DevOps JourneyA Secure DevOps Journey
A Secure DevOps JourneySonatype
 
Security in a Continuous Delivery World
Security in a Continuous Delivery WorldSecurity in a Continuous Delivery World
Security in a Continuous Delivery WorldDinis Cruz
 
Introducing DevSecOps by Madhu Akula - Software Security Bangalore - May 27 2...
Introducing DevSecOps by Madhu Akula - Software Security Bangalore - May 27 2...Introducing DevSecOps by Madhu Akula - Software Security Bangalore - May 27 2...
Introducing DevSecOps by Madhu Akula - Software Security Bangalore - May 27 2...SecureSoftwareDevOn SecureSoftwareDevOn
 
[DevSecOps Live] DevSecOps: Challenges and Opportunities
[DevSecOps Live] DevSecOps: Challenges and Opportunities[DevSecOps Live] DevSecOps: Challenges and Opportunities
[DevSecOps Live] DevSecOps: Challenges and OpportunitiesMohammed A. Imran
 

Mais procurados (20)

DevSecOps - The big picture
DevSecOps - The big pictureDevSecOps - The big picture
DevSecOps - The big picture
 
DevSecCon London 2017: Threat modeling in a CI environment by Steven Wierckx
DevSecCon London 2017: Threat modeling in a CI environment by Steven WierckxDevSecCon London 2017: Threat modeling in a CI environment by Steven Wierckx
DevSecCon London 2017: Threat modeling in a CI environment by Steven Wierckx
 
DevSecCon London 2017: Shift happens ... by Colin Domoney
DevSecCon London 2017: Shift happens ... by Colin Domoney DevSecCon London 2017: Shift happens ... by Colin Domoney
DevSecCon London 2017: Shift happens ... by Colin Domoney
 
Ast in CI/CD by Ofer Maor
Ast in CI/CD by Ofer MaorAst in CI/CD by Ofer Maor
Ast in CI/CD by Ofer Maor
 
8 Tips for Deploying DevSecOps
8 Tips for Deploying DevSecOps8 Tips for Deploying DevSecOps
8 Tips for Deploying DevSecOps
 
DevSecCon London 2017: How far left do you want to go with security? by Javie...
DevSecCon London 2017: How far left do you want to go with security? by Javie...DevSecCon London 2017: How far left do you want to go with security? by Javie...
DevSecCon London 2017: How far left do you want to go with security? by Javie...
 
Barriers to Container Security and How to Overcome Them
Barriers to Container Security and How to Overcome ThemBarriers to Container Security and How to Overcome Them
Barriers to Container Security and How to Overcome Them
 
The Rise of DevSecOps - Fabian Lim - DevSecOpsSg
The Rise of DevSecOps - Fabian Lim - DevSecOpsSgThe Rise of DevSecOps - Fabian Lim - DevSecOpsSg
The Rise of DevSecOps - Fabian Lim - DevSecOpsSg
 
DevSecCon London 2017: when good containers go bad by Tim Mackey
DevSecCon London 2017: when good containers go bad by Tim MackeyDevSecCon London 2017: when good containers go bad by Tim Mackey
DevSecCon London 2017: when good containers go bad by Tim Mackey
 
DevSecOps Singapore 2017 - Security in the Delivery Pipeline
DevSecOps Singapore 2017 - Security in the Delivery PipelineDevSecOps Singapore 2017 - Security in the Delivery Pipeline
DevSecOps Singapore 2017 - Security in the Delivery Pipeline
 
DevSecOps: Bringing security to the DevOps pipeline
DevSecOps: Bringing security to the DevOps pipelineDevSecOps: Bringing security to the DevOps pipeline
DevSecOps: Bringing security to the DevOps pipeline
 
Automating Security Compliance on AWS with DevSecOps
Automating Security Compliance on AWS with DevSecOpsAutomating Security Compliance on AWS with DevSecOps
Automating Security Compliance on AWS with DevSecOps
 
DevOps or DevSecOps
DevOps or DevSecOpsDevOps or DevSecOps
DevOps or DevSecOps
 
Using jira to manage risks v1.0 - owasp app sec eu - june 2016
Using jira to manage risks v1.0 - owasp app sec eu - june 2016Using jira to manage risks v1.0 - owasp app sec eu - june 2016
Using jira to manage risks v1.0 - owasp app sec eu - june 2016
 
DevOps and DevSecOps, Incident Management
DevOps and DevSecOps, Incident ManagementDevOps and DevSecOps, Incident Management
DevOps and DevSecOps, Incident Management
 
A Secure DevOps Journey
A Secure DevOps JourneyA Secure DevOps Journey
A Secure DevOps Journey
 
Security in a Continuous Delivery World
Security in a Continuous Delivery WorldSecurity in a Continuous Delivery World
Security in a Continuous Delivery World
 
Introducing DevSecOps by Madhu Akula - Software Security Bangalore - May 27 2...
Introducing DevSecOps by Madhu Akula - Software Security Bangalore - May 27 2...Introducing DevSecOps by Madhu Akula - Software Security Bangalore - May 27 2...
Introducing DevSecOps by Madhu Akula - Software Security Bangalore - May 27 2...
 
DevSecOps What Why and How
DevSecOps What Why and HowDevSecOps What Why and How
DevSecOps What Why and How
 
[DevSecOps Live] DevSecOps: Challenges and Opportunities
[DevSecOps Live] DevSecOps: Challenges and Opportunities[DevSecOps Live] DevSecOps: Challenges and Opportunities
[DevSecOps Live] DevSecOps: Challenges and Opportunities
 

Semelhante a Owasp glue

The State of the Veil Framework
The State of the Veil FrameworkThe State of the Veil Framework
The State of the Veil FrameworkVeilFramework
 
Security Testing with Zap
Security Testing with ZapSecurity Testing with Zap
Security Testing with ZapSoluto
 
All you need is Zap - Omer Levi Hevroni & Yshay Yaacobi - DevOpsDays Tel Aviv...
All you need is Zap - Omer Levi Hevroni & Yshay Yaacobi - DevOpsDays Tel Aviv...All you need is Zap - Omer Levi Hevroni & Yshay Yaacobi - DevOpsDays Tel Aviv...
All you need is Zap - Omer Levi Hevroni & Yshay Yaacobi - DevOpsDays Tel Aviv...DevOpsDays Tel Aviv
 
OWASP ZAP Workshop for QA Testers
OWASP ZAP Workshop for QA TestersOWASP ZAP Workshop for QA Testers
OWASP ZAP Workshop for QA TestersJavan Rasokat
 
apidays LIVE New York - Navigating the Sea of Javascript Tools to Discover Sc...
apidays LIVE New York - Navigating the Sea of Javascript Tools to Discover Sc...apidays LIVE New York - Navigating the Sea of Javascript Tools to Discover Sc...
apidays LIVE New York - Navigating the Sea of Javascript Tools to Discover Sc...apidays
 
What can possibly go wrong if i dont e2 e test my packages?
What can possibly go wrong if i dont e2 e test my packages?What can possibly go wrong if i dont e2 e test my packages?
What can possibly go wrong if i dont e2 e test my packages?Juan Picado
 
Clang Analyzer Tool Review
Clang Analyzer Tool ReviewClang Analyzer Tool Review
Clang Analyzer Tool ReviewDoug Schuster
 
Intro to DefectDojo at OWASP Switzerland
Intro to DefectDojo at OWASP SwitzerlandIntro to DefectDojo at OWASP Switzerland
Intro to DefectDojo at OWASP SwitzerlandMatt Tesauro
 
Automating Web Application Security Testing With OWASP ZAP DOT NET API - Tech...
Automating Web Application Security Testing With OWASP ZAP DOT NET API - Tech...Automating Web Application Security Testing With OWASP ZAP DOT NET API - Tech...
Automating Web Application Security Testing With OWASP ZAP DOT NET API - Tech...gmaran23
 
Continuous OpenAPI Security Tests on K8s with Testkube and ZAP
Continuous OpenAPI Security Tests on K8s with Testkube and ZAPContinuous OpenAPI Security Tests on K8s with Testkube and ZAP
Continuous OpenAPI Security Tests on K8s with Testkube and ZAPQAware GmbH
 
Deploy Mediawiki Using FIWARE Lab Facilities
Deploy Mediawiki Using FIWARE Lab FacilitiesDeploy Mediawiki Using FIWARE Lab Facilities
Deploy Mediawiki Using FIWARE Lab FacilitiesFIWARE
 
WSO2Con Asia 2014 - Agile DevOps in the Cloud
WSO2Con Asia 2014 - Agile DevOps in the CloudWSO2Con Asia 2014 - Agile DevOps in the Cloud
WSO2Con Asia 2014 - Agile DevOps in the CloudWSO2
 
Serenity BDD Workshop - 9th March 2016
Serenity BDD Workshop - 9th March 2016Serenity BDD Workshop - 9th March 2016
Serenity BDD Workshop - 9th March 2016vodqasg
 
An Abusive Relationship with AngularJS by Mario Heiderich - CODE BLUE 2015
An Abusive Relationship with AngularJS by Mario Heiderich - CODE BLUE 2015An Abusive Relationship with AngularJS by Mario Heiderich - CODE BLUE 2015
An Abusive Relationship with AngularJS by Mario Heiderich - CODE BLUE 2015CODE BLUE
 
The Duck Teaches Learn to debug from the masters. Local to production- kill ...
The Duck Teaches Learn to debug from the masters. Local to production- kill ...The Duck Teaches Learn to debug from the masters. Local to production- kill ...
The Duck Teaches Learn to debug from the masters. Local to production- kill ...ShaiAlmog1
 
OAuth2 and IdentityServer3
OAuth2 and IdentityServer3OAuth2 and IdentityServer3
OAuth2 and IdentityServer3Paul Glavich
 
CiNPA Security SIG - AppSec Presentation
CiNPA Security SIG - AppSec PresentationCiNPA Security SIG - AppSec Presentation
CiNPA Security SIG - AppSec PresentationThreatReel Podcast
 
Docker. Does it matter for Java developer ?
Docker. Does it matter for Java developer ?Docker. Does it matter for Java developer ?
Docker. Does it matter for Java developer ?Izzet Mustafaiev
 

Semelhante a Owasp glue (20)

The State of the Veil Framework
The State of the Veil FrameworkThe State of the Veil Framework
The State of the Veil Framework
 
Security Testing with Zap
Security Testing with ZapSecurity Testing with Zap
Security Testing with Zap
 
All you need is Zap - Omer Levi Hevroni & Yshay Yaacobi - DevOpsDays Tel Aviv...
All you need is Zap - Omer Levi Hevroni & Yshay Yaacobi - DevOpsDays Tel Aviv...All you need is Zap - Omer Levi Hevroni & Yshay Yaacobi - DevOpsDays Tel Aviv...
All you need is Zap - Omer Levi Hevroni & Yshay Yaacobi - DevOpsDays Tel Aviv...
 
OWASP ZAP Workshop for QA Testers
OWASP ZAP Workshop for QA TestersOWASP ZAP Workshop for QA Testers
OWASP ZAP Workshop for QA Testers
 
apidays LIVE New York - Navigating the Sea of Javascript Tools to Discover Sc...
apidays LIVE New York - Navigating the Sea of Javascript Tools to Discover Sc...apidays LIVE New York - Navigating the Sea of Javascript Tools to Discover Sc...
apidays LIVE New York - Navigating the Sea of Javascript Tools to Discover Sc...
 
What can possibly go wrong if i dont e2 e test my packages?
What can possibly go wrong if i dont e2 e test my packages?What can possibly go wrong if i dont e2 e test my packages?
What can possibly go wrong if i dont e2 e test my packages?
 
Clang Analyzer Tool Review
Clang Analyzer Tool ReviewClang Analyzer Tool Review
Clang Analyzer Tool Review
 
Intro to DefectDojo at OWASP Switzerland
Intro to DefectDojo at OWASP SwitzerlandIntro to DefectDojo at OWASP Switzerland
Intro to DefectDojo at OWASP Switzerland
 
Automating Web Application Security Testing With OWASP ZAP DOT NET API - Tech...
Automating Web Application Security Testing With OWASP ZAP DOT NET API - Tech...Automating Web Application Security Testing With OWASP ZAP DOT NET API - Tech...
Automating Web Application Security Testing With OWASP ZAP DOT NET API - Tech...
 
Continuous OpenAPI Security Tests on K8s with Testkube and ZAP
Continuous OpenAPI Security Tests on K8s with Testkube and ZAPContinuous OpenAPI Security Tests on K8s with Testkube and ZAP
Continuous OpenAPI Security Tests on K8s with Testkube and ZAP
 
Deploy MediaWiki usgin Fiware Lab Facilities
Deploy MediaWiki usgin Fiware Lab FacilitiesDeploy MediaWiki usgin Fiware Lab Facilities
Deploy MediaWiki usgin Fiware Lab Facilities
 
Deploy Mediawiki Using FIWARE Lab Facilities
Deploy Mediawiki Using FIWARE Lab FacilitiesDeploy Mediawiki Using FIWARE Lab Facilities
Deploy Mediawiki Using FIWARE Lab Facilities
 
Agile devops in the cloud
Agile devops in the cloudAgile devops in the cloud
Agile devops in the cloud
 
WSO2Con Asia 2014 - Agile DevOps in the Cloud
WSO2Con Asia 2014 - Agile DevOps in the CloudWSO2Con Asia 2014 - Agile DevOps in the Cloud
WSO2Con Asia 2014 - Agile DevOps in the Cloud
 
Serenity BDD Workshop - 9th March 2016
Serenity BDD Workshop - 9th March 2016Serenity BDD Workshop - 9th March 2016
Serenity BDD Workshop - 9th March 2016
 
An Abusive Relationship with AngularJS by Mario Heiderich - CODE BLUE 2015
An Abusive Relationship with AngularJS by Mario Heiderich - CODE BLUE 2015An Abusive Relationship with AngularJS by Mario Heiderich - CODE BLUE 2015
An Abusive Relationship with AngularJS by Mario Heiderich - CODE BLUE 2015
 
The Duck Teaches Learn to debug from the masters. Local to production- kill ...
The Duck Teaches Learn to debug from the masters. Local to production- kill ...The Duck Teaches Learn to debug from the masters. Local to production- kill ...
The Duck Teaches Learn to debug from the masters. Local to production- kill ...
 
OAuth2 and IdentityServer3
OAuth2 and IdentityServer3OAuth2 and IdentityServer3
OAuth2 and IdentityServer3
 
CiNPA Security SIG - AppSec Presentation
CiNPA Security SIG - AppSec PresentationCiNPA Security SIG - AppSec Presentation
CiNPA Security SIG - AppSec Presentation
 
Docker. Does it matter for Java developer ?
Docker. Does it matter for Java developer ?Docker. Does it matter for Java developer ?
Docker. Does it matter for Java developer ?
 

Mais de Soluto

Solving trust issues at scale - AppSec California
Solving trust issues at scale - AppSec CaliforniaSolving trust issues at scale - AppSec California
Solving trust issues at scale - AppSec CaliforniaSoluto
 
Solving trust issues at scale
Solving trust issues at scaleSolving trust issues at scale
Solving trust issues at scaleSoluto
 
Things I wish someone had told me about Istio, Omer Levi Hevroni
Things I wish someone had told me about Istio, Omer Levi HevroniThings I wish someone had told me about Istio, Omer Levi Hevroni
Things I wish someone had told me about Istio, Omer Levi HevroniSoluto
 
Can Kubernetes Keep a Secret? - Women in AppSec Webinar
Can Kubernetes Keep a Secret? - Women in AppSec WebinarCan Kubernetes Keep a Secret? - Women in AppSec Webinar
Can Kubernetes Keep a Secret? - Women in AppSec WebinarSoluto
 
FTRD - Can Kubernetes Keep a Secret?
FTRD - Can Kubernetes Keep a Secret?FTRD - Can Kubernetes Keep a Secret?
FTRD - Can Kubernetes Keep a Secret?Soluto
 
The Dark Side of Monitoring
The Dark Side of MonitoringThe Dark Side of Monitoring
The Dark Side of MonitoringSoluto
 
Hacking like a FED
Hacking like a FEDHacking like a FED
Hacking like a FEDSoluto
 
Monitoria@Icinga camp berlin
Monitoria@Icinga camp berlinMonitoria@Icinga camp berlin
Monitoria@Icinga camp berlinSoluto
 
Can Kubernetes Keep a Secret?
Can Kubernetes Keep a Secret?Can Kubernetes Keep a Secret?
Can Kubernetes Keep a Secret?Soluto
 
Kamus intro
Kamus introKamus intro
Kamus introSoluto
 
Secure Your Pipeline
Secure Your PipelineSecure Your Pipeline
Secure Your PipelineSoluto
 
React new features and intro to Hooks
React new features and intro to HooksReact new features and intro to Hooks
React new features and intro to HooksSoluto
 
Secure the Pipeline - OWASP Poland Day 2018
Secure the Pipeline - OWASP Poland Day 2018Secure the Pipeline - OWASP Poland Day 2018
Secure the Pipeline - OWASP Poland Day 2018Soluto
 
Monitoria@reversim
Monitoria@reversimMonitoria@reversim
Monitoria@reversimSoluto
 
Languages don't matter anymore!
Languages don't matter anymore!Languages don't matter anymore!
Languages don't matter anymore!Soluto
 
Unify logz with fluentd
Unify logz with fluentdUnify logz with fluentd
Unify logz with fluentdSoluto
 
Storing data in Redis like a pro
Storing data in Redis like a proStoring data in Redis like a pro
Storing data in Redis like a proSoluto
 
Monitor all the thingz slideshare
Monitor all the thingz slideshareMonitor all the thingz slideshare
Monitor all the thingz slideshareSoluto
 
Authentication without Authentication - AppSec California
Authentication without Authentication - AppSec CaliforniaAuthentication without Authentication - AppSec California
Authentication without Authentication - AppSec CaliforniaSoluto
 
Authentication without Authentication - Peerlyst meetup
Authentication without Authentication - Peerlyst meetupAuthentication without Authentication - Peerlyst meetup
Authentication without Authentication - Peerlyst meetupSoluto
 

Mais de Soluto (20)

Solving trust issues at scale - AppSec California
Solving trust issues at scale - AppSec CaliforniaSolving trust issues at scale - AppSec California
Solving trust issues at scale - AppSec California
 
Solving trust issues at scale
Solving trust issues at scaleSolving trust issues at scale
Solving trust issues at scale
 
Things I wish someone had told me about Istio, Omer Levi Hevroni
Things I wish someone had told me about Istio, Omer Levi HevroniThings I wish someone had told me about Istio, Omer Levi Hevroni
Things I wish someone had told me about Istio, Omer Levi Hevroni
 
Can Kubernetes Keep a Secret? - Women in AppSec Webinar
Can Kubernetes Keep a Secret? - Women in AppSec WebinarCan Kubernetes Keep a Secret? - Women in AppSec Webinar
Can Kubernetes Keep a Secret? - Women in AppSec Webinar
 
FTRD - Can Kubernetes Keep a Secret?
FTRD - Can Kubernetes Keep a Secret?FTRD - Can Kubernetes Keep a Secret?
FTRD - Can Kubernetes Keep a Secret?
 
The Dark Side of Monitoring
The Dark Side of MonitoringThe Dark Side of Monitoring
The Dark Side of Monitoring
 
Hacking like a FED
Hacking like a FEDHacking like a FED
Hacking like a FED
 
Monitoria@Icinga camp berlin
Monitoria@Icinga camp berlinMonitoria@Icinga camp berlin
Monitoria@Icinga camp berlin
 
Can Kubernetes Keep a Secret?
Can Kubernetes Keep a Secret?Can Kubernetes Keep a Secret?
Can Kubernetes Keep a Secret?
 
Kamus intro
Kamus introKamus intro
Kamus intro
 
Secure Your Pipeline
Secure Your PipelineSecure Your Pipeline
Secure Your Pipeline
 
React new features and intro to Hooks
React new features and intro to HooksReact new features and intro to Hooks
React new features and intro to Hooks
 
Secure the Pipeline - OWASP Poland Day 2018
Secure the Pipeline - OWASP Poland Day 2018Secure the Pipeline - OWASP Poland Day 2018
Secure the Pipeline - OWASP Poland Day 2018
 
Monitoria@reversim
Monitoria@reversimMonitoria@reversim
Monitoria@reversim
 
Languages don't matter anymore!
Languages don't matter anymore!Languages don't matter anymore!
Languages don't matter anymore!
 
Unify logz with fluentd
Unify logz with fluentdUnify logz with fluentd
Unify logz with fluentd
 
Storing data in Redis like a pro
Storing data in Redis like a proStoring data in Redis like a pro
Storing data in Redis like a pro
 
Monitor all the thingz slideshare
Monitor all the thingz slideshareMonitor all the thingz slideshare
Monitor all the thingz slideshare
 
Authentication without Authentication - AppSec California
Authentication without Authentication - AppSec CaliforniaAuthentication without Authentication - AppSec California
Authentication without Authentication - AppSec California
 
Authentication without Authentication - Peerlyst meetup
Authentication without Authentication - Peerlyst meetupAuthentication without Authentication - Peerlyst meetup
Authentication without Authentication - Peerlyst meetup
 

Último

How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdflior mazor
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 

Último (20)

How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 

Owasp glue

Notas do Editor

  1. About me/solute OWASP member, contributor to Zap and Glue Active OpenSource contributor
  2. Zap is magic that find security issues No OWASP No cry Jane is an awesome dev – she want to get her code into production Jane told herself she will look on the report later
  3. Who was in a similar situation?
  4. Finding replace with pile of something
  5. Clean, pure Glue image. Without any other tools – create images based on this image
  6. Break the build or it doesn’t happen
  7. Soluto has strong believe in Glue
  8. All links will be on my twitter account