Tuesday, October 24 • 06:15 - 07:00
Creating An Appsec Pipeline With Containers In A Week: How We Failed and Succeeded


Join us on our adventure of setting up an AppSec pipeline with Docker containers. What went wrong, and how did we succeed? How do you fight false positives, and how do you get the best out of the products out there without bothering the development teams too much?

The goal of the presentation: to inform other developers, risk managers and DevSecOps engineers on how one can easily create an AppSec pipeline, and which pitfalls there are when it comes to automated testing. The presentation is about how we created an AppSec pipeline using a set of Docker images (ThreadFix, Burp, ZAP, etc.), with a stateless Jenkins machine using the Job DSL. Our job was to create an AppSec pipeline that would provide feedback both to the security/risk team and to the developers. The nice thing was that we had to create a demo pipeline in a week, and during this work-intensive week we learned a lot: false positives from the tools, how ThreadFix works, alternatives such as using Mittn and BDD-Security on top of ZAP/Burp, how test mocks spoiled our security tests, how untestable APIs had to be guarded and still manually tested, and much more.


Jeroen Willemsen

Jeroen is a security architect with a passion for mobile and risk management. He loves to work on secure building blocks, security automation pipelines and embedding information security risk management controls in an agile environment. He is dedicated to helping developers...

Tuesday October 24, 2017 06:15 - 07:00
Continuous Everything: Europe