[Owasp-leaders] OWASP Project love for Defenders and Devs!
matt.tesauro at owasp.org
Fri May 27 14:29:53 UTC 2016
I just want to shine a light on some positive developments in the OWASP
Project space - particularly for those AppSec Defenders and devs in general:
(1) OWASP AppSec Pipeline
This project was created by Aaron Weaver and myself to fill a need we both
saw at OWASP - where is the one-stop-shop for security pros running AppSec
programs? OWASP has tons of great material but no curated list of things
to review for your AppSec Program. Add automation and some tenets from
Agile, CI/CD and DevOps and AppSec programs can see huge gains - 5x in one
case. New things in the works:
* Aaron and I are speaking at AppSec EU - http://sched.co/6XPb and will
present more case studies on how AppSec Pipelines can vastly improve AppSec
programs plus some really great work on Weaponizing Jenkins (tm) - just
kidding. Props to Aaron for his early work here.
* AppSec Pipeline Toolbox - I'm close to launching the AppSec Pipeline
Toolbox website. This site will provide unbiased meta-data on AppSec
tools, where they can be used in an AppSec Pipeline, and how automate-able
they are with APIs, etc. Look for an initial survey to seed tool data
soon. After that, all the site's tool data will live on Github in markdown
and be track-able and update-able via Pull Requests - fully visible to
(2) OWASP WTE - Docker, docker, docker!
It's that time again - a new Ubuntu LTS and all new packages for OWASP WTE.
This time, I'm expanding the OWASP WTE deliverables from .deb packages and
VMs with Docker images. I've already Docker-ized my tool chain to build
WTE and for every package I create, a Docker image/dockerfile will be
created and stored in Github & Docker Hub.
These docker images will be built with automation in mind to further assist
in Weaponizing CI/CD so AppSec works as fast as the dev shops are. Look
for a ton of synergy / interaction with the AppSec Pipeline project.
Devs love docker and so does OWASP WTE! OWASP WTE Docker for the win.
I wanted to announce all this on the tail end of last week but got sick for
a couple of days and am just catching up. I'm back to normal and ready to
pump out some project awesome.
-- Matt Tesauro
OWASP AppSec Pipeline Lead
OWASP WTE Project Lead
http://AppSecLive.org - Community and Download site