[Owasp-leaders] OWASP Project love for Defenders and Devs!

Andy Lewis alewis at owasp.org
Fri May 27 23:10:23 UTC 2016


Matt - GOOD STUFF!  Your AppSec pipelines preso was very well received at
SnowFROC - GL w/AppSec EU!

WRT WTE - is there any chance you've got some resources you'd recommend for
Docker Noobs?

Thanks for sending this & working on these - you're right about the
Pipeline helping establish workflow for AppSec...
Andy

On Fri, May 27, 2016 at 8:29 AM, Matt Tesauro <matt.tesauro at owasp.org>
wrote:

> I just want to shine a light on some positive developments in the OWASP
> Project space - particularly for those AppSec Defenders and devs in general:
>
> (1) OWASP AppSec Pipeline
>
> This project was created by Aaron Weaver and myself to fill a need we both
> saw at OWASP - where is the one-stop-shop for security pros running AppSec
> programs?  OWASP has tons of great material but no curated list of things
> to review for your AppSec Program.  Add automation and some tenants from
> Agile, CI/CD and DevOps and AppSec programs can see huge gains - 5x in one
> case.  New things in the works:
>
> * Aaron and I are speaking at AppSec EU - http://sched.co/6XPb and will
> present more case studies on how AppSec Pipelines can vastly improve AppSec
> programs plus some really great work on Weaponizing Jenkins (tm) - just
> kidding.  Props to Aaron for his early work here.
>
> * AppSec Pipeline Toolbox - I'm close to launching the AppSec Pipeline
> Toolbox website.  This site will provide unbiased meta-data on AppSec
> tools, where they can be used in an AppSec Pipeline, and how automate-able
> they are with APIs, etc.  Look for an initial survey to seed tool data
> soon.  After that, all the site's tool data will live on Githb in markdown
> and be track-able and update-able via Pull Requests - fully visible to
> anyone.
>
> (2) OWASP WTE - Docker, docker, docker!
>
> Its that time again - a new Ubuntu LTS and all new packages for OWASP
> WTE.  This time, I'm expanding the OWASP WTE deliverables from .deb
> packages and VMs with Docker images.  I've already Docker-ized my tool
> chain to build WTE and for every package I create, a Docker
> image/dockerfile will be created and stored in Github & Docker Hub.
>
> These docker images will be built with automation in mind to further
> assist in Weaponizing CI/CD so AppSec works as fast as the dev shops are.
> Look for a ton of synergy / interaction with the AppSec Pipeline project.
>
> Devs love docker and so does OWASP WTE!  OWASP WTE Docker for the win.
>
> I wanted to announce all this on the tail end of last week but got sick
> for a couple of days and am just catching up.  I'm back to normal and ready
> to pump out some project awesome.
>
> Cheers!
>
> --
> -- Matt Tesauro
> OWASP AppSec Pipeline Lead
> https://www.owasp.org/index.php/OWASP_AppSec_Pipeline
> OWASP WTE Project Lead
> *https://www.owasp.org/index.php/OWASP_Web_Testing_Environment_Project
> <https://www.owasp.org/index.php/OWASP_Web_Testing_Environment_Project>*
> http://AppSecLive.org <http://appseclive.org/> - Community and Download
> site
>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20160527/9e76080e/attachment-0001.html>


More information about the OWASP-Leaders mailing list