Come join us for the first annual conference! We’ve hand selected a group of industry leaders to share their experiences in the lovely setting of Kailua Kona, HI.

Read more at:  https://locomocosec.com

Early bird tickets are for sale. Buy now! 

Training passes (which include a conference ticket) are also available. Buy now!

Looking to sponsor? See our sponsor package!
Back To Schedule
Wednesday, April 4 • 9:00am - 5:00pm
AppSec Automation: Pipelines, APIs and Getting Things Done Faster

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
Note: This is a two day, hands-on course
You’ve probably heard many talks about DevSecOps and continuous security testing but how many provided the tools and training needed to actually start that testing?  This training does exactly that.  It provides the tools you’ll need to take you from testing to reporting to remediation and retesting with the help of automation.  Utilizing multiple open source tools including OWASP’s AppSec Pipeline and Defect Dojo, the training will provide an overview of key application security automation principles and provide hands-on experience with creating an Application Security Pipeline augmented with automation. Over the course of two days, the students will cover the crucial aspects of where and when to add automation to their application security programs and gain experience with integrating APIs,conducting continuous testing, ChatOps integration (Slack), get techniques to  automate commercial scanners, how to consolidate and de-dup security issues, automating submission of issues to defect trackers and generating reports/metrics. Students should leave with a firm understanding of how to apply DevOps and Agile concepts to optimize their security programs using local or cloud infrastructure.  The techniques in this training have been used at real-world companies at scale and shown an increase in the AppSec team output of a 5x increase year over year, and a 9.4x increase over two years.  With an AppSec Pipeline, you don’t have to dread hearing about that release that’s happening tomorrow.

The labs consist of a series of exercises which build upon each other to construct an AppSec Pipeline specifically geared towards continuous testing. After discussing each fundamental part of the pipeline, the student will be provided a lab to construct that portion of their own AppSec Pipeline. While these will be somewhat scripted labs, they will provide working examples of all the key concepts needed in adding automation to an AppSec program allowing the student to have seen the concepts in action before returning to work and applying them to their specific situation.  New implementations of OWASP’s AppSec Pipeline are being released as part of this training so be the first to use the next generation of testing automation.
Who Should Take This Course?
AppSec professionals who are part of an internal AppSec program or anyone needing to automate security assessment work.  This course is designed to demonstrate both the principals in theory and practice around the creation of an AppSec Pipeline, the benefits it brings and how it can help you do more with less. Multiple open source software packages and OWASP projects will be used to setup an example AppSec Pipeline in a series of hands on labs. The concepts and techniques of this course can then be applied to their AppSec programs to build their own, custom AppSec Pipeline.  Additionally, those conducting penetration tests or running a team of testers could also gain valuable insight into how to speed up their work and remove some of the drudgery from pen testing.
What Should Students Bring?
A 64 bit laptop capable of running Docker. Custom Dockers will be provided to the students which contains all the necessary software for the labs.

avatar for Matt Tesauro

Matt Tesauro

Senior AppSec Engineer, Duo Security
Matt Tesauro is currently a Senior AppSec Engineer building an AppSec Pipeline and continuous security program for Duo Security.  Prior, he worked full-time for the OWASP Foundation, adding automation and awesome to OWASP projects as the Operations Director. Previously, he was... Read More →

Wednesday April 4, 2018 9:00am - 5:00pm HST
Mauna Kea Room

Attendees (1)