[Owasp-leaders] OWASP Project love for Defenders and Devs!
alewis at owasp.org
Fri May 27 23:10:23 UTC 2016
Matt - GOOD STUFF! Your AppSec pipelines preso was very well received at
SnowFROC - GL w/AppSec EU!
WRT WTE - is there any chance you've got some resources you'd recommend for
Thanks for sending this & working on these - you're right about the
Pipeline helping establish workflow for AppSec...
On Fri, May 27, 2016 at 8:29 AM, Matt Tesauro <matt.tesauro at owasp.org>
> I just want to shine a light on some positive developments in the OWASP
> Project space - particularly for those AppSec Defenders and devs in general:
> (1) OWASP AppSec Pipeline
> This project was created by Aaron Weaver and myself to fill a need we both
> saw at OWASP - where is the one-stop-shop for security pros running AppSec
> programs? OWASP has tons of great material but no curated list of things
> to review for your AppSec Program. Add automation and some tenets from
> Agile, CI/CD and DevOps and AppSec programs can see huge gains - 5x in one
> case. New things in the works:
> * Aaron and I are speaking at AppSec EU - http://sched.co/6XPb and will
> present more case studies on how AppSec Pipelines can vastly improve AppSec
> programs plus some really great work on Weaponizing Jenkins (tm) - just
> kidding. Props to Aaron for his early work here.
> * AppSec Pipeline Toolbox - I'm close to launching the AppSec Pipeline
> Toolbox website. This site will provide unbiased meta-data on AppSec
> tools, where they can be used in an AppSec Pipeline, and how automate-able
> they are with APIs, etc. Look for an initial survey to seed tool data
> soon. After that, all the site's tool data will live on Github in markdown
> and be track-able and update-able via Pull Requests - fully visible to
> (2) OWASP WTE - Docker, docker, docker!
> It's that time again - a new Ubuntu LTS and all new packages for OWASP
> WTE. This time, I'm expanding the OWASP WTE deliverables from .deb
> packages and VMs with Docker images. I've already Docker-ized my tool
> chain to build WTE and for every package I create, a Docker
> image/dockerfile will be created and stored in Github & Docker Hub.
> These docker images will be built with automation in mind to further
> assist in Weaponizing CI/CD so AppSec works as fast as the dev shops are.
> Look for a ton of synergy / interaction with the AppSec Pipeline project.
> Devs love docker and so does OWASP WTE! OWASP WTE Docker for the win.
> I wanted to announce all this on the tail end of last week but got sick
> for a couple of days and am just catching up. I'm back to normal and ready
> to pump out some project awesome.
> -- Matt Tesauro
> OWASP AppSec Pipeline Lead
> OWASP WTE Project Lead
> http://AppSecLive.org <http://appseclive.org/> - Community and Download