SlideShare ist ein Scribd-Unternehmen logo

Owasp glue

Als PPTX, PDF herunterladen
Soluto
Soluto

We all know that running security tests on a CI can gives us a lot of value. And we all know already a few good security tools that we are running or planning to run continuously to ensure our app stays secure. But integrating those tools into the CI is not a simple task. Each one of those tools has it's own API and does not always support all the features we want. For example, we might want to report the finding of each tools as TeamCity tests, or maybe we are using Jira and want to open a new issue for each finding. And what about filtering false positives? Any automated tool will produce false positive findings, but how can we filter them? In this talk I'll demo OWASP Glue - a tool that aims to ease the integration of various security tools into the CI/CD pipeline. The talk was presented on DevSecOps meetup

Technologie
1 von 25
OWASP Glue @omerlh #MeetupAtSoluto April 2018
Why another security tool?
Story Time
https://www.slashgear.com/petya-ransomware-finally-has-a-fix-no-need-to-pay-ransom-12435885/
I should’ve read that report...
Let’s add some Glue
OWASP Glue ● Ease the integration of secure tools ● ”DevSecOps Tool” ● OWASP Open Source Project
Task Target Findings
Findings Filter Report
Currently Supported Tasks ● brakeman ● bundleaudit ● checkmarx ● clamav ● dawnscanner ● eslint ● fim ● findsecbugs ● nsp ● owasp-dep-check ● pmd ● retirejs ● scanjs ● sfl ● sync ● snyk ● OWASP zap
Running Glue OmerL-Mac$ docker run -it soluto/glue:17 glue -h
”DevSecOps tool” ● Quick win ● Break the build or it doesn’t happen ● Handling false positive ● Keep it DRY
Example from our production TeamCity
Wrap Up ● OWASP Glue ● ”DevSecOps tool” ● Using Glue
What Glue can do for YOU? @omerlh
Moment for Gratitude ● Matt Konda ● Alex Lock ● Rafa Perez
Acknowledgment ● Glue is an OWASP project ● Not active in the past year ● Temporary Maintained by Soluto (fork) ● Actively used by Soluto ● Hope to merge back to master
Now You Can Rest
Questions?
Thank You @omerlh #MeetupAtSoluto

Empfohlen

DevSecOps
DevSecOpsDevSecOps
DevSecOpsCheah Eng Soon
 
DevSecOps 101
DevSecOps 101DevSecOps 101
DevSecOps 101Narudom Roongsiriwong, CISSP
 
DevSecOps OWASP
DevSecOps OWASPDevSecOps OWASP
DevSecOps OWASPPriyanka Raghavan
 
Security Testing for Containerized Applications
Security Testing for Containerized ApplicationsSecurity Testing for Containerized Applications
Security Testing for Containerized ApplicationsSoluto
 
DevSecOps Fundamentals and the Scars to Prove it.
DevSecOps Fundamentals and the Scars to Prove it.DevSecOps Fundamentals and the Scars to Prove it.
DevSecOps Fundamentals and the Scars to Prove it.Matt Tesauro
 
Practical DevSecOps Course - Part 1
Practical DevSecOps Course - Part 1Practical DevSecOps Course - Part 1
Practical DevSecOps Course - Part 1Mohammed A. Imran
 
2019 DevSecOps Reference Architectures
2019 DevSecOps Reference Architectures2019 DevSecOps Reference Architectures
2019 DevSecOps Reference ArchitecturesSonatype
 
Dev secops. Real experience.
Dev secops. Real experience.Dev secops. Real experience.
Dev secops. Real experience.Vitaly Balashov
 

Empfohlen

DevSecOps
DevSecOpsDevSecOps
DevSecOpsCheah Eng Soon
 
DevSecOps 101
DevSecOps 101DevSecOps 101
DevSecOps 101Narudom Roongsiriwong, CISSP
 
DevSecOps OWASP
DevSecOps OWASPDevSecOps OWASP
DevSecOps OWASPPriyanka Raghavan
 
Security Testing for Containerized Applications
Security Testing for Containerized ApplicationsSecurity Testing for Containerized Applications
Security Testing for Containerized ApplicationsSoluto
 
DevSecOps Fundamentals and the Scars to Prove it.
DevSecOps Fundamentals and the Scars to Prove it.DevSecOps Fundamentals and the Scars to Prove it.
DevSecOps Fundamentals and the Scars to Prove it.Matt Tesauro
 
Practical DevSecOps Course - Part 1
Practical DevSecOps Course - Part 1Practical DevSecOps Course - Part 1
Practical DevSecOps Course - Part 1Mohammed A. Imran
 
2019 DevSecOps Reference Architectures
2019 DevSecOps Reference Architectures2019 DevSecOps Reference Architectures
2019 DevSecOps Reference ArchitecturesSonatype
 
Dev secops. Real experience.
Dev secops. Real experience.Dev secops. Real experience.
Dev secops. Real experience.Vitaly Balashov
 
DevSecOps - The big picture
DevSecOps - The big pictureDevSecOps - The big picture
DevSecOps - The big pictureDevSecOpsSg
 
DevSecCon London 2017: Threat modeling in a CI environment by Steven Wierckx
DevSecCon London 2017: Threat modeling in a CI environment by Steven WierckxDevSecCon London 2017: Threat modeling in a CI environment by Steven Wierckx
DevSecCon London 2017: Threat modeling in a CI environment by Steven WierckxDevSecCon
 
DevSecCon London 2017: Shift happens ... by Colin Domoney
DevSecCon London 2017: Shift happens ... by Colin Domoney DevSecCon London 2017: Shift happens ... by Colin Domoney
DevSecCon London 2017: Shift happens ... by Colin Domoney DevSecCon
 
Ast in CI/CD by Ofer Maor
Ast in CI/CD by Ofer MaorAst in CI/CD by Ofer Maor
Ast in CI/CD by Ofer MaorDevSecCon
 
8 Tips for Deploying DevSecOps
8 Tips for Deploying DevSecOps8 Tips for Deploying DevSecOps
8 Tips for Deploying DevSecOpsFelicia Haggarty
 
DevSecCon London 2017: How far left do you want to go with security? by Javie...
DevSecCon London 2017: How far left do you want to go with security? by Javie...DevSecCon London 2017: How far left do you want to go with security? by Javie...
DevSecCon London 2017: How far left do you want to go with security? by Javie...DevSecCon
 
Barriers to Container Security and How to Overcome Them
Barriers to Container Security and How to Overcome ThemBarriers to Container Security and How to Overcome Them
Barriers to Container Security and How to Overcome ThemWhiteSource
 
The Rise of DevSecOps - Fabian Lim - DevSecOpsSg
The Rise of DevSecOps - Fabian Lim - DevSecOpsSgThe Rise of DevSecOps - Fabian Lim - DevSecOpsSg
The Rise of DevSecOps - Fabian Lim - DevSecOpsSgDevSecOpsSg
 
DevSecCon London 2017: when good containers go bad by Tim Mackey
DevSecCon London 2017: when good containers go bad by Tim MackeyDevSecCon London 2017: when good containers go bad by Tim Mackey
DevSecCon London 2017: when good containers go bad by Tim MackeyDevSecCon
 
DevSecOps Singapore 2017 - Security in the Delivery Pipeline
DevSecOps Singapore 2017 - Security in the Delivery PipelineDevSecOps Singapore 2017 - Security in the Delivery Pipeline
DevSecOps Singapore 2017 - Security in the Delivery PipelineJames Wickett
 
DevSecOps: Bringing security to the DevOps pipeline
DevSecOps: Bringing security to the DevOps pipelineDevSecOps: Bringing security to the DevOps pipeline
DevSecOps: Bringing security to the DevOps pipelineAarno Aukia
 
Automating Security Compliance on AWS with DevSecOps
Automating Security Compliance on AWS with DevSecOpsAutomating Security Compliance on AWS with DevSecOps
Automating Security Compliance on AWS with DevSecOpsTushar Gupta
 
DevOps or DevSecOps
DevOps or DevSecOpsDevOps or DevSecOps
DevOps or DevSecOpsMichelangelo van Dam
 
Using jira to manage risks v1.0 - owasp app sec eu - june 2016
Using jira to manage risks v1.0 - owasp app sec eu - june 2016Using jira to manage risks v1.0 - owasp app sec eu - june 2016
Using jira to manage risks v1.0 - owasp app sec eu - june 2016Dinis Cruz
 
DevOps and DevSecOps, Incident Management
DevOps and DevSecOps, Incident ManagementDevOps and DevSecOps, Incident Management
DevOps and DevSecOps, Incident ManagementShriniKulkarni
 
A Secure DevOps Journey
A Secure DevOps JourneyA Secure DevOps Journey
A Secure DevOps JourneySonatype
 
Security in a Continuous Delivery World
Security in a Continuous Delivery WorldSecurity in a Continuous Delivery World
Security in a Continuous Delivery WorldDinis Cruz
 
Introducing DevSecOps by Madhu Akula - Software Security Bangalore - May 27 2...
Introducing DevSecOps by Madhu Akula - Software Security Bangalore - May 27 2...Introducing DevSecOps by Madhu Akula - Software Security Bangalore - May 27 2...
Introducing DevSecOps by Madhu Akula - Software Security Bangalore - May 27 2...SecureSoftwareDevOn SecureSoftwareDevOn
 
DevSecOps What Why and How
DevSecOps What Why and HowDevSecOps What Why and How
DevSecOps What Why and HowNotSoSecure Global Services
 
[DevSecOps Live] DevSecOps: Challenges and Opportunities
[DevSecOps Live] DevSecOps: Challenges and Opportunities[DevSecOps Live] DevSecOps: Challenges and Opportunities
[DevSecOps Live] DevSecOps: Challenges and OpportunitiesMohammed A. Imran
 
The State of the Veil Framework
The State of the Veil FrameworkThe State of the Veil Framework
The State of the Veil FrameworkVeilFramework
 
Security Testing with Zap
Security Testing with ZapSecurity Testing with Zap
Security Testing with ZapSoluto
 

Weitere ähnliche Inhalte

Was ist angesagt?

DevSecOps - The big picture
DevSecOps - The big pictureDevSecOps - The big picture
DevSecOps - The big pictureDevSecOpsSg
 
DevSecCon London 2017: Threat modeling in a CI environment by Steven Wierckx
DevSecCon London 2017: Threat modeling in a CI environment by Steven WierckxDevSecCon London 2017: Threat modeling in a CI environment by Steven Wierckx
DevSecCon London 2017: Threat modeling in a CI environment by Steven WierckxDevSecCon
 
DevSecCon London 2017: Shift happens ... by Colin Domoney
DevSecCon London 2017: Shift happens ... by Colin Domoney DevSecCon London 2017: Shift happens ... by Colin Domoney
DevSecCon London 2017: Shift happens ... by Colin Domoney DevSecCon
 
Ast in CI/CD by Ofer Maor
Ast in CI/CD by Ofer MaorAst in CI/CD by Ofer Maor
Ast in CI/CD by Ofer MaorDevSecCon
 
8 Tips for Deploying DevSecOps
8 Tips for Deploying DevSecOps8 Tips for Deploying DevSecOps
8 Tips for Deploying DevSecOpsFelicia Haggarty
 
DevSecCon London 2017: How far left do you want to go with security? by Javie...
DevSecCon London 2017: How far left do you want to go with security? by Javie...DevSecCon London 2017: How far left do you want to go with security? by Javie...
DevSecCon London 2017: How far left do you want to go with security? by Javie...DevSecCon
 
Barriers to Container Security and How to Overcome Them
Barriers to Container Security and How to Overcome ThemBarriers to Container Security and How to Overcome Them
Barriers to Container Security and How to Overcome ThemWhiteSource
 
The Rise of DevSecOps - Fabian Lim - DevSecOpsSg
The Rise of DevSecOps - Fabian Lim - DevSecOpsSgThe Rise of DevSecOps - Fabian Lim - DevSecOpsSg
The Rise of DevSecOps - Fabian Lim - DevSecOpsSgDevSecOpsSg
 
DevSecCon London 2017: when good containers go bad by Tim Mackey
DevSecCon London 2017: when good containers go bad by Tim MackeyDevSecCon London 2017: when good containers go bad by Tim Mackey
DevSecCon London 2017: when good containers go bad by Tim MackeyDevSecCon
 
DevSecOps Singapore 2017 - Security in the Delivery Pipeline
DevSecOps Singapore 2017 - Security in the Delivery PipelineDevSecOps Singapore 2017 - Security in the Delivery Pipeline
DevSecOps Singapore 2017 - Security in the Delivery PipelineJames Wickett
 
DevSecOps: Bringing security to the DevOps pipeline
DevSecOps: Bringing security to the DevOps pipelineDevSecOps: Bringing security to the DevOps pipeline
DevSecOps: Bringing security to the DevOps pipelineAarno Aukia
 
Automating Security Compliance on AWS with DevSecOps
Automating Security Compliance on AWS with DevSecOpsAutomating Security Compliance on AWS with DevSecOps
Automating Security Compliance on AWS with DevSecOpsTushar Gupta
 
Using jira to manage risks v1.0 - owasp app sec eu - june 2016
Using jira to manage risks v1.0 - owasp app sec eu - june 2016Using jira to manage risks v1.0 - owasp app sec eu - june 2016
Using jira to manage risks v1.0 - owasp app sec eu - june 2016Dinis Cruz
 
DevOps and DevSecOps, Incident Management
DevOps and DevSecOps, Incident ManagementDevOps and DevSecOps, Incident Management
DevOps and DevSecOps, Incident ManagementShriniKulkarni
 
A Secure DevOps Journey
A Secure DevOps JourneyA Secure DevOps Journey
A Secure DevOps JourneySonatype
 
Security in a Continuous Delivery World
Security in a Continuous Delivery WorldSecurity in a Continuous Delivery World
Security in a Continuous Delivery WorldDinis Cruz
 
Introducing DevSecOps by Madhu Akula - Software Security Bangalore - May 27 2...
Introducing DevSecOps by Madhu Akula - Software Security Bangalore - May 27 2...Introducing DevSecOps by Madhu Akula - Software Security Bangalore - May 27 2...
Introducing DevSecOps by Madhu Akula - Software Security Bangalore - May 27 2...SecureSoftwareDevOn SecureSoftwareDevOn
 
[DevSecOps Live] DevSecOps: Challenges and Opportunities
[DevSecOps Live] DevSecOps: Challenges and Opportunities[DevSecOps Live] DevSecOps: Challenges and Opportunities
[DevSecOps Live] DevSecOps: Challenges and OpportunitiesMohammed A. Imran
 

Was ist angesagt? (20)

DevSecOps - The big picture
DevSecOps - The big pictureDevSecOps - The big picture
DevSecOps - The big picture
 
DevSecCon London 2017: Threat modeling in a CI environment by Steven Wierckx
DevSecCon London 2017: Threat modeling in a CI environment by Steven WierckxDevSecCon London 2017: Threat modeling in a CI environment by Steven Wierckx
DevSecCon London 2017: Threat modeling in a CI environment by Steven Wierckx
 
DevSecCon London 2017: Shift happens ... by Colin Domoney
DevSecCon London 2017: Shift happens ... by Colin Domoney DevSecCon London 2017: Shift happens ... by Colin Domoney
DevSecCon London 2017: Shift happens ... by Colin Domoney
 
Ast in CI/CD by Ofer Maor
Ast in CI/CD by Ofer MaorAst in CI/CD by Ofer Maor
Ast in CI/CD by Ofer Maor
 
8 Tips for Deploying DevSecOps
8 Tips for Deploying DevSecOps8 Tips for Deploying DevSecOps
8 Tips for Deploying DevSecOps
 
DevSecCon London 2017: How far left do you want to go with security? by Javie...
DevSecCon London 2017: How far left do you want to go with security? by Javie...DevSecCon London 2017: How far left do you want to go with security? by Javie...
DevSecCon London 2017: How far left do you want to go with security? by Javie...
 
Barriers to Container Security and How to Overcome Them
Barriers to Container Security and How to Overcome ThemBarriers to Container Security and How to Overcome Them
Barriers to Container Security and How to Overcome Them
 
The Rise of DevSecOps - Fabian Lim - DevSecOpsSg
The Rise of DevSecOps - Fabian Lim - DevSecOpsSgThe Rise of DevSecOps - Fabian Lim - DevSecOpsSg
The Rise of DevSecOps - Fabian Lim - DevSecOpsSg
 
DevSecCon London 2017: when good containers go bad by Tim Mackey
DevSecCon London 2017: when good containers go bad by Tim MackeyDevSecCon London 2017: when good containers go bad by Tim Mackey
DevSecCon London 2017: when good containers go bad by Tim Mackey
 
DevSecOps Singapore 2017 - Security in the Delivery Pipeline
DevSecOps Singapore 2017 - Security in the Delivery PipelineDevSecOps Singapore 2017 - Security in the Delivery Pipeline
DevSecOps Singapore 2017 - Security in the Delivery Pipeline
 
DevSecOps: Bringing security to the DevOps pipeline
DevSecOps: Bringing security to the DevOps pipelineDevSecOps: Bringing security to the DevOps pipeline
DevSecOps: Bringing security to the DevOps pipeline
 
Automating Security Compliance on AWS with DevSecOps
Automating Security Compliance on AWS with DevSecOpsAutomating Security Compliance on AWS with DevSecOps
Automating Security Compliance on AWS with DevSecOps
 
DevOps or DevSecOps
DevOps or DevSecOpsDevOps or DevSecOps
DevOps or DevSecOps
 
Using jira to manage risks v1.0 - owasp app sec eu - june 2016
Using jira to manage risks v1.0 - owasp app sec eu - june 2016Using jira to manage risks v1.0 - owasp app sec eu - june 2016
Using jira to manage risks v1.0 - owasp app sec eu - june 2016
 
DevOps and DevSecOps, Incident Management
DevOps and DevSecOps, Incident ManagementDevOps and DevSecOps, Incident Management
DevOps and DevSecOps, Incident Management
 
A Secure DevOps Journey
A Secure DevOps JourneyA Secure DevOps Journey
A Secure DevOps Journey
 
Security in a Continuous Delivery World
Security in a Continuous Delivery WorldSecurity in a Continuous Delivery World
Security in a Continuous Delivery World
 
Introducing DevSecOps by Madhu Akula - Software Security Bangalore - May 27 2...
Introducing DevSecOps by Madhu Akula - Software Security Bangalore - May 27 2...Introducing DevSecOps by Madhu Akula - Software Security Bangalore - May 27 2...
Introducing DevSecOps by Madhu Akula - Software Security Bangalore - May 27 2...
 
DevSecOps What Why and How
DevSecOps What Why and HowDevSecOps What Why and How
DevSecOps What Why and How
 
[DevSecOps Live] DevSecOps: Challenges and Opportunities
[DevSecOps Live] DevSecOps: Challenges and Opportunities[DevSecOps Live] DevSecOps: Challenges and Opportunities
[DevSecOps Live] DevSecOps: Challenges and Opportunities
 

Ähnlich wie Owasp glue

The State of the Veil Framework
The State of the Veil FrameworkThe State of the Veil Framework
The State of the Veil FrameworkVeilFramework
 
Security Testing with Zap
Security Testing with ZapSecurity Testing with Zap
Security Testing with ZapSoluto
 
All you need is Zap - Omer Levi Hevroni & Yshay Yaacobi - DevOpsDays Tel Aviv...
All you need is Zap - Omer Levi Hevroni & Yshay Yaacobi - DevOpsDays Tel Aviv...All you need is Zap - Omer Levi Hevroni & Yshay Yaacobi - DevOpsDays Tel Aviv...
All you need is Zap - Omer Levi Hevroni & Yshay Yaacobi - DevOpsDays Tel Aviv...DevOpsDays Tel Aviv
 
OWASP ZAP Workshop for QA Testers
OWASP ZAP Workshop for QA TestersOWASP ZAP Workshop for QA Testers
OWASP ZAP Workshop for QA TestersJavan Rasokat
 
apidays LIVE New York - Navigating the Sea of Javascript Tools to Discover Sc...
apidays LIVE New York - Navigating the Sea of Javascript Tools to Discover Sc...apidays LIVE New York - Navigating the Sea of Javascript Tools to Discover Sc...
apidays LIVE New York - Navigating the Sea of Javascript Tools to Discover Sc...apidays
 
What can possibly go wrong if i dont e2 e test my packages?
What can possibly go wrong if i dont e2 e test my packages?What can possibly go wrong if i dont e2 e test my packages?
What can possibly go wrong if i dont e2 e test my packages?Juan Picado
 
Clang Analyzer Tool Review
Clang Analyzer Tool ReviewClang Analyzer Tool Review
Clang Analyzer Tool ReviewDoug Schuster
 
Intro to DefectDojo at OWASP Switzerland
Intro to DefectDojo at OWASP SwitzerlandIntro to DefectDojo at OWASP Switzerland
Intro to DefectDojo at OWASP SwitzerlandMatt Tesauro
 
Automating Web Application Security Testing With OWASP ZAP DOT NET API - Tech...
Automating Web Application Security Testing With OWASP ZAP DOT NET API - Tech...Automating Web Application Security Testing With OWASP ZAP DOT NET API - Tech...
Automating Web Application Security Testing With OWASP ZAP DOT NET API - Tech...gmaran23
 
Continuous OpenAPI Security Tests on K8s with Testkube and ZAP
Continuous OpenAPI Security Tests on K8s with Testkube and ZAPContinuous OpenAPI Security Tests on K8s with Testkube and ZAP
Continuous OpenAPI Security Tests on K8s with Testkube and ZAPQAware GmbH
 
Deploy Mediawiki Using FIWARE Lab Facilities
Deploy Mediawiki Using FIWARE Lab FacilitiesDeploy Mediawiki Using FIWARE Lab Facilities
Deploy Mediawiki Using FIWARE Lab FacilitiesFIWARE
 
WSO2Con Asia 2014 - Agile DevOps in the Cloud
WSO2Con Asia 2014 - Agile DevOps in the CloudWSO2Con Asia 2014 - Agile DevOps in the Cloud
WSO2Con Asia 2014 - Agile DevOps in the CloudWSO2
 
Serenity BDD Workshop - 9th March 2016
Serenity BDD Workshop - 9th March 2016Serenity BDD Workshop - 9th March 2016
Serenity BDD Workshop - 9th March 2016vodqasg
 
An Abusive Relationship with AngularJS by Mario Heiderich - CODE BLUE 2015
An Abusive Relationship with AngularJS by Mario Heiderich - CODE BLUE 2015An Abusive Relationship with AngularJS by Mario Heiderich - CODE BLUE 2015
An Abusive Relationship with AngularJS by Mario Heiderich - CODE BLUE 2015CODE BLUE
 
The Duck Teaches Learn to debug from the masters. Local to production- kill ...
The Duck Teaches Learn to debug from the masters. Local to production- kill ...The Duck Teaches Learn to debug from the masters. Local to production- kill ...
The Duck Teaches Learn to debug from the masters. Local to production- kill ...ShaiAlmog1
 
OAuth2 and IdentityServer3
OAuth2 and IdentityServer3OAuth2 and IdentityServer3
OAuth2 and IdentityServer3Paul Glavich
 
CiNPA Security SIG - AppSec Presentation
CiNPA Security SIG - AppSec PresentationCiNPA Security SIG - AppSec Presentation
CiNPA Security SIG - AppSec PresentationThreatReel Podcast
 
Docker. Does it matter for Java developer ?
Docker. Does it matter for Java developer ?Docker. Does it matter for Java developer ?
Docker. Does it matter for Java developer ?Izzet Mustafaiev
 

Ähnlich wie Owasp glue (20)

The State of the Veil Framework
The State of the Veil FrameworkThe State of the Veil Framework
The State of the Veil Framework
 
Security Testing with Zap
Security Testing with ZapSecurity Testing with Zap
Security Testing with Zap
 
All you need is Zap - Omer Levi Hevroni & Yshay Yaacobi - DevOpsDays Tel Aviv...
All you need is Zap - Omer Levi Hevroni & Yshay Yaacobi - DevOpsDays Tel Aviv...All you need is Zap - Omer Levi Hevroni & Yshay Yaacobi - DevOpsDays Tel Aviv...
All you need is Zap - Omer Levi Hevroni & Yshay Yaacobi - DevOpsDays Tel Aviv...
 
OWASP ZAP Workshop for QA Testers
OWASP ZAP Workshop for QA TestersOWASP ZAP Workshop for QA Testers
OWASP ZAP Workshop for QA Testers
 
apidays LIVE New York - Navigating the Sea of Javascript Tools to Discover Sc...
apidays LIVE New York - Navigating the Sea of Javascript Tools to Discover Sc...apidays LIVE New York - Navigating the Sea of Javascript Tools to Discover Sc...
apidays LIVE New York - Navigating the Sea of Javascript Tools to Discover Sc...
 
What can possibly go wrong if i dont e2 e test my packages?
What can possibly go wrong if i dont e2 e test my packages?What can possibly go wrong if i dont e2 e test my packages?
What can possibly go wrong if i dont e2 e test my packages?
 
Clang Analyzer Tool Review
Clang Analyzer Tool ReviewClang Analyzer Tool Review
Clang Analyzer Tool Review
 
Intro to DefectDojo at OWASP Switzerland
Intro to DefectDojo at OWASP SwitzerlandIntro to DefectDojo at OWASP Switzerland
Intro to DefectDojo at OWASP Switzerland
 
Automating Web Application Security Testing With OWASP ZAP DOT NET API - Tech...
Automating Web Application Security Testing With OWASP ZAP DOT NET API - Tech...Automating Web Application Security Testing With OWASP ZAP DOT NET API - Tech...
Automating Web Application Security Testing With OWASP ZAP DOT NET API - Tech...
 
Continuous OpenAPI Security Tests on K8s with Testkube and ZAP
Continuous OpenAPI Security Tests on K8s with Testkube and ZAPContinuous OpenAPI Security Tests on K8s with Testkube and ZAP
Continuous OpenAPI Security Tests on K8s with Testkube and ZAP
 
Deploy MediaWiki usgin Fiware Lab Facilities
Deploy MediaWiki usgin Fiware Lab FacilitiesDeploy MediaWiki usgin Fiware Lab Facilities
Deploy MediaWiki usgin Fiware Lab Facilities
 
Deploy Mediawiki Using FIWARE Lab Facilities
Deploy Mediawiki Using FIWARE Lab FacilitiesDeploy Mediawiki Using FIWARE Lab Facilities
Deploy Mediawiki Using FIWARE Lab Facilities
 
Agile devops in the cloud
Agile devops in the cloudAgile devops in the cloud
Agile devops in the cloud
 
WSO2Con Asia 2014 - Agile DevOps in the Cloud
WSO2Con Asia 2014 - Agile DevOps in the CloudWSO2Con Asia 2014 - Agile DevOps in the Cloud
WSO2Con Asia 2014 - Agile DevOps in the Cloud
 
Serenity BDD Workshop - 9th March 2016
Serenity BDD Workshop - 9th March 2016Serenity BDD Workshop - 9th March 2016
Serenity BDD Workshop - 9th March 2016
 
An Abusive Relationship with AngularJS by Mario Heiderich - CODE BLUE 2015
An Abusive Relationship with AngularJS by Mario Heiderich - CODE BLUE 2015An Abusive Relationship with AngularJS by Mario Heiderich - CODE BLUE 2015
An Abusive Relationship with AngularJS by Mario Heiderich - CODE BLUE 2015
 
The Duck Teaches Learn to debug from the masters. Local to production- kill ...
The Duck Teaches Learn to debug from the masters. Local to production- kill ...The Duck Teaches Learn to debug from the masters. Local to production- kill ...
The Duck Teaches Learn to debug from the masters. Local to production- kill ...
 
OAuth2 and IdentityServer3
OAuth2 and IdentityServer3OAuth2 and IdentityServer3
OAuth2 and IdentityServer3
 
CiNPA Security SIG - AppSec Presentation
CiNPA Security SIG - AppSec PresentationCiNPA Security SIG - AppSec Presentation
CiNPA Security SIG - AppSec Presentation
 
Docker. Does it matter for Java developer ?
Docker. Does it matter for Java developer ?Docker. Does it matter for Java developer ?
Docker. Does it matter for Java developer ?
 

Mehr von Soluto

Solving trust issues at scale - AppSec California
Solving trust issues at scale - AppSec CaliforniaSolving trust issues at scale - AppSec California
Solving trust issues at scale - AppSec CaliforniaSoluto
 
Solving trust issues at scale
Solving trust issues at scaleSolving trust issues at scale
Solving trust issues at scaleSoluto
 
Things I wish someone had told me about Istio, Omer Levi Hevroni
Things I wish someone had told me about Istio, Omer Levi HevroniThings I wish someone had told me about Istio, Omer Levi Hevroni
Things I wish someone had told me about Istio, Omer Levi HevroniSoluto
 
Can Kubernetes Keep a Secret? - Women in AppSec Webinar
Can Kubernetes Keep a Secret? - Women in AppSec WebinarCan Kubernetes Keep a Secret? - Women in AppSec Webinar
Can Kubernetes Keep a Secret? - Women in AppSec WebinarSoluto
 
FTRD - Can Kubernetes Keep a Secret?
FTRD - Can Kubernetes Keep a Secret?FTRD - Can Kubernetes Keep a Secret?
FTRD - Can Kubernetes Keep a Secret?Soluto
 
The Dark Side of Monitoring
The Dark Side of MonitoringThe Dark Side of Monitoring
The Dark Side of MonitoringSoluto
 
Hacking like a FED
Hacking like a FEDHacking like a FED
Hacking like a FEDSoluto
 
Monitoria@Icinga camp berlin
Monitoria@Icinga camp berlinMonitoria@Icinga camp berlin
Monitoria@Icinga camp berlinSoluto
 
Can Kubernetes Keep a Secret?
Can Kubernetes Keep a Secret?Can Kubernetes Keep a Secret?
Can Kubernetes Keep a Secret?Soluto
 
Kamus intro
Kamus introKamus intro
Kamus introSoluto
 
Secure Your Pipeline
Secure Your PipelineSecure Your Pipeline
Secure Your PipelineSoluto
 
React new features and intro to Hooks
React new features and intro to HooksReact new features and intro to Hooks
React new features and intro to HooksSoluto
 
Secure the Pipeline - OWASP Poland Day 2018
Secure the Pipeline - OWASP Poland Day 2018Secure the Pipeline - OWASP Poland Day 2018
Secure the Pipeline - OWASP Poland Day 2018Soluto
 
Monitoria@reversim
Monitoria@reversimMonitoria@reversim
Monitoria@reversimSoluto
 
Languages don't matter anymore!
Languages don't matter anymore!Languages don't matter anymore!
Languages don't matter anymore!Soluto
 
Unify logz with fluentd
Unify logz with fluentdUnify logz with fluentd
Unify logz with fluentdSoluto
 
Storing data in Redis like a pro
Storing data in Redis like a proStoring data in Redis like a pro
Storing data in Redis like a proSoluto
 
Monitor all the thingz slideshare
Monitor all the thingz slideshareMonitor all the thingz slideshare
Monitor all the thingz slideshareSoluto
 
Authentication without Authentication - AppSec California
Authentication without Authentication - AppSec CaliforniaAuthentication without Authentication - AppSec California
Authentication without Authentication - AppSec CaliforniaSoluto
 
Authentication without Authentication - Peerlyst meetup
Authentication without Authentication - Peerlyst meetupAuthentication without Authentication - Peerlyst meetup
Authentication without Authentication - Peerlyst meetupSoluto
 

Mehr von Soluto (20)

Solving trust issues at scale - AppSec California
Solving trust issues at scale - AppSec CaliforniaSolving trust issues at scale - AppSec California
Solving trust issues at scale - AppSec California
 
Solving trust issues at scale
Solving trust issues at scaleSolving trust issues at scale
Solving trust issues at scale
 
Things I wish someone had told me about Istio, Omer Levi Hevroni
Things I wish someone had told me about Istio, Omer Levi HevroniThings I wish someone had told me about Istio, Omer Levi Hevroni
Things I wish someone had told me about Istio, Omer Levi Hevroni
 
Can Kubernetes Keep a Secret? - Women in AppSec Webinar
Can Kubernetes Keep a Secret? - Women in AppSec WebinarCan Kubernetes Keep a Secret? - Women in AppSec Webinar
Can Kubernetes Keep a Secret? - Women in AppSec Webinar
 
FTRD - Can Kubernetes Keep a Secret?
FTRD - Can Kubernetes Keep a Secret?FTRD - Can Kubernetes Keep a Secret?
FTRD - Can Kubernetes Keep a Secret?
 
The Dark Side of Monitoring
The Dark Side of MonitoringThe Dark Side of Monitoring
The Dark Side of Monitoring
 
Hacking like a FED
Hacking like a FEDHacking like a FED
Hacking like a FED
 
Monitoria@Icinga camp berlin
Monitoria@Icinga camp berlinMonitoria@Icinga camp berlin
Monitoria@Icinga camp berlin
 
Can Kubernetes Keep a Secret?
Can Kubernetes Keep a Secret?Can Kubernetes Keep a Secret?
Can Kubernetes Keep a Secret?
 
Kamus intro
Kamus introKamus intro
Kamus intro
 
Secure Your Pipeline
Secure Your PipelineSecure Your Pipeline
Secure Your Pipeline
 
React new features and intro to Hooks
React new features and intro to HooksReact new features and intro to Hooks
React new features and intro to Hooks
 
Secure the Pipeline - OWASP Poland Day 2018
Secure the Pipeline - OWASP Poland Day 2018Secure the Pipeline - OWASP Poland Day 2018
Secure the Pipeline - OWASP Poland Day 2018
 
Monitoria@reversim
Monitoria@reversimMonitoria@reversim
Monitoria@reversim
 
Languages don't matter anymore!
Languages don't matter anymore!Languages don't matter anymore!
Languages don't matter anymore!
 
Unify logz with fluentd
Unify logz with fluentdUnify logz with fluentd
Unify logz with fluentd
 
Storing data in Redis like a pro
Storing data in Redis like a proStoring data in Redis like a pro
Storing data in Redis like a pro
 
Monitor all the thingz slideshare
Monitor all the thingz slideshareMonitor all the thingz slideshare
Monitor all the thingz slideshare
 
Authentication without Authentication - AppSec California
Authentication without Authentication - AppSec CaliforniaAuthentication without Authentication - AppSec California
Authentication without Authentication - AppSec California
 
Authentication without Authentication - Peerlyst meetup
Authentication without Authentication - Peerlyst meetupAuthentication without Authentication - Peerlyst meetup
Authentication without Authentication - Peerlyst meetup
 

Kürzlich hochgeladen

Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businesspanagenda
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsNanddeep Nachan
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesrafiqahmad00786416
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfOverkill Security
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024The Digital Insurer
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot ModelNavi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot ModelDeepika Singh
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...apidays
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Zilliz
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdflior mazor
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDropbox
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyKhushali Kathiriya
 

Kürzlich hochgeladen (20)

Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdf
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot ModelNavi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 

Owasp glue

Hinweis der Redaktion

  1. About me/solute OWASP member, contributor to Zap and Glue Active OpenSource contributor
  2. Zap is magic that find security issues No OWASP No cry Jane is an awesome dev – she want to get her code into production Jane told herself she will look on the report later
  3. Who was in a similar situation?
  4. Finding replace with pile of something
  5. Clean, pure Glue image. Without any other tools – create images based on this image
  6. Break the build or it doesn’t happen
  7. Soluto has strong believe in Glue
  8. All links will be on my twitter account