Level: Introductory to Intermediate
The OWASP DevSlop team are back with "Patty", a new module of the project consisting of a DevSecOps pipeline made with Visual Studio Team Server (and many security plugins), releasing into Azure, using the Azure Gateway coupled with the OWASP Core Rule Set 3 (another OWASP project). This entire system/project is open-sourced as part of the project, so that developers can create a copy, adjust it for their own uses, and have a head start on DevSecOps. The talk will consist mostly of a start-to-finish demo of the system, finishing with the DevSlop team releasing their own website live, on stage, using the pipeline.
For many people 'the cloud' and DevSecOps can be a bit mysterious. Let's clear this up with a nice, long, slow demo of how to load up an app in your editor, make a change, run it through your pipeline (and pass the security checks!), then publish it into the cloud. One step at a time..
You will learn:
- Azure cloud DevOps basics
- Azure Gateway (WAF) basics
- Overview of other security tools you can use in a DevSecOps pipeline (automation of security checks)
- What OWASP is and how to become involved and continue learning after this talk is over