DevOps in the SpotLight

VSW04 OWASP DevSlop: DevSecOps with VSTS & Azure

12/05/2018

8:00am - 9:15am

Level: Introductory to Intermediate

Tanya Janca

Senior Cloud Advocate

Microsoft

The OWASP DevSlop team are back with "Patty", a new module of the project consisting of a DevSecOps pipeline made with Visual Studio Team Server (and many security plugins), releasing into Azure, using the Azure Gateway coupled with the OWASP Core Rule Set 3 (another OWASP project). This entire system/project is open-sourced as part of the project, so that developers can create a copy, adjust it for their own uses, and have a head start on DevSecOps. The talk will consist mostly of a start-to-finish demo of the system, finishing with the DevSlop team releasing their own website live, on stage, using the pipeline.

For many people 'the cloud' and DevSecOps can be a bit mysterious. Let's clear this up with a nice, long, slow demo of how to load up an app in your editor, make a change, run it through your pipeline (and pass the security checks!), then publish it into the cloud. One step at a time..

You will learn:

  • Azure cloud DevOps basics
  • Azure Gateway (WAF) basics
  • Overview of other security tools you can use in a DevSecOps pipeline (automation of security checks)
  • What OWASP is and how to become involved and continue learning after this talk is over