What OWASP tools/projects we already have and what are we missing to deliver secure devops pipelines

When (day): Fri
At: 14:00 - 16:00

Training Session Video

Session Slides

Notable logs from the chat during the session

16:19:55 From Francesco Cipollone : Owen from OWASP did some benchmarking for us
16:20:08 From Francesco Cipollone : if you reach out to grant Ongers he might be able to share
16:20:16 From Francesco Cipollone : @dominik
16:30:33 From Niels H : Bill of Material of your software might contain cloud SDKs
16:37:59 From Daniel C : https://github.com/actions
16:38:32 From Daniel C : https://github.com/marketplace?type=actions
17:01:46 From André Ferreira : It feels like a porting of the OWASP developer guide into some sort of a base threat modelling?
17:02:56 From Alona Reyes to Daniel C(Privately) : From André Ferreira to Everyone: 05:01 PM
It feels like a porting of the OWASP developer guide into some sort of a base threat modelling?
17:07:16 From Andrew van der Stock : I was thinking of Developer Guide in an electronic, filterable version per language, concentrating on core concerns first. This could be an evolution / amalgamation of the Testing Guide
17:07:50 From André Ferreira : I liked your previous idea of turning that into a curriculum, and I’m sad I’ve only learned of its existence today
17:23:20 From Dinis Cruz : On the topic of mapping multiple security frameworks and controls see https://github.com/OpenSecuritySummit/security-controls-mapping
17:27:45 From Dinis Cruz : meeting : 728 239 1769
17:27:50 From Dinis Cruz : 768504
17:36:18 From André Ferreira : I think you might need to revisit your goal, despite noble. You won’t make devs' life easier, you will wake them up
17:40:06 From Andrew van der Stock : Andre, can you chip in on your point as I think I understand it, but I would like to know more
17:45:05 From Niels H : a reference pipeline?
17:45:20 From Alona Reyes to Daniel C(Privately) :
From Niels H to Everyone: 05:45 PM a reference pipeline?

