Building A Security Test Automation Framework by Riccardo Ten Cate


Whether you want to embed it in your SSDLC or simply want a security test automation framework that, for example, periodically scans your infrastructure, this talk covers how to build one.

In this talk, I am going to present some best practices for how to build a "security test automation framework". These best practices are derived directly from all the pitfalls I encountered while implementing this type of solution for my customers.

This talk teaches how to create an agnostic and scalable solution with Docker and Kubernetes

Dockerize your favorite security tooling
Deploy these containers in your Kubernetes cluster

This talk teaches how to manage your findings effectively with a vulnerability management solution

Use Defect Dojo to manage your vulnerabilities
Use Defect Dojo for Delta reporting
Use Defect Dojo for false positive suppression
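The two Defect Dojo features above, delta reporting and false positive suppression, both rest on one idea: give every finding a stable fingerprint so that the same issue reported by the same tool across two runs is recognised as the same finding. The block below is an added illustration of that logic in plain Python, not Defect Dojo's own code or the speaker's; the scan results, tool names and the choice of fingerprint fields are constructed for the example.

```python
"""Delta reporting and false-positive suppression over scanner output.

Added example (not Defect Dojo code): two constructed scan runs are compared
by a stable fingerprint so that only genuinely new findings are reported,
findings that disappeared are marked resolved, and known false positives
are dropped before anyone looks at the report.
"""
import hashlib
import json
from typing import Dict, Iterable, List, Set

SEVERITY_RANK = {"Critical": 4, "High": 3, "Medium": 2, "Low": 1, "Info": 0}


def fingerprint(finding: Dict) -> str:
    """Stable identity for a finding across runs.

    The line number is deliberately excluded: an unrelated edit that shifts
    code down a few lines must not turn an old finding into a "new" one.
    Tool, weakness class, file and title together are specific enough.
    """
    key = json.dumps(
        [finding["tool"], finding["cwe"], finding["file"], finding["title"]],
        sort_keys=True,
    )
    return hashlib.sha256(key.encode()).hexdigest()[:16]


def delta(previous: Iterable[Dict], current: Iterable[Dict],
          suppressed: Set[str]) -> Dict[str, List[Dict]]:
    """Classify the current run relative to the previous one.

    suppressed: fingerprints a reviewer has marked as false positives.
    """
    prev = {fingerprint(f): f for f in previous}
    cur = {fingerprint(f): f for f in current}
    return {
        "new": [cur[k] for k in cur if k not in prev and k not in suppressed],
        "resolved": [prev[k] for k in prev if k not in cur],
        "persisting": [cur[k] for k in cur if k in prev and k not in suppressed],
        "suppressed": [cur[k] for k in cur if k in suppressed],
    }


def should_fail_build(report: Dict[str, List[Dict]], threshold: str = "High") -> bool:
    """Break the pipeline only on NEW findings at or above the threshold.

    Persisting findings are already tracked; failing on them every run
    trains developers to ignore the gate.
    """
    return any(SEVERITY_RANK[f["severity"]] >= SEVERITY_RANK[threshold]
               for f in report["new"])


# Constructed sample data: a previous and a current run of two tools.
PREVIOUS_RUN = [
    {"tool": "bandit", "cwe": 89, "file": "app/db.py", "line": 42,
     "title": "SQL injection via string formatting", "severity": "High"},
    {"tool": "bandit", "cwe": 798, "file": "app/config.py", "line": 7,
     "title": "Hardcoded password", "severity": "Medium"},
    {"tool": "npm-audit", "cwe": 400, "file": "package-lock.json", "line": 0,
     "title": "ReDoS in lodash", "severity": "High"},
]
CURRENT_RUN = [
    # Same SQL injection finding, but the file grew by three lines above it.
    {"tool": "bandit", "cwe": 89, "file": "app/db.py", "line": 45,
     "title": "SQL injection via string formatting", "severity": "High"},
    {"tool": "npm-audit", "cwe": 400, "file": "package-lock.json", "line": 0,
     "title": "ReDoS in lodash", "severity": "High"},
    {"tool": "bandit", "cwe": 78, "file": "app/tasks.py", "line": 12,
     "title": "Command injection in subprocess call", "severity": "Critical"},
]
# A reviewer decided the lodash finding is a false positive (dev-only dependency).
SUPPRESSED = {fingerprint(PREVIOUS_RUN[2])}


if __name__ == "__main__":
    report = delta(PREVIOUS_RUN, CURRENT_RUN, SUPPRESSED)
    for bucket, findings in report.items():
        print(bucket, [f["title"] for f in findings])
    print("fail build:", should_fail_build(report))
```

In practice the suppression set is the list of findings a reviewer has marked as false positive in the vulnerability manager, and the previous run is whatever the manager already holds for that engagement; only the "new" bucket should ever reach the build gate.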
This talk teaches how to prevent key sprawl and manage your secrets with a key vault

Store and manage your API keys
No more hardcoded secrets in your application
Even use it to build TOTP (time-based one-time passwords)
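The last bullet is worth spelling out: a TOTP seed is just another secret, so the same vault that holds your API keys can hold the seed, and the pipeline derives the code at run time instead of a person typing it in. The block below is an added example of that derivation (RFC 4226 HOTP and RFC 6238 TOTP over HMAC-SHA1), not the speaker's code and not tied to any particular vault product; the vault lookup is stubbed as an environment variable named TOTP_SEED, which is an assumption for the example.

```python
"""TOTP generation and verification with the seed loaded from a secret store.

Added example, not code from the talk. HOTP/TOTP per RFC 4226 / RFC 6238.
The vault lookup is a placeholder: the seed is read from the environment
variable TOTP_SEED (assumed name), base32-encoded as authenticator apps
expect; swap load_secret() for your key vault client.
"""
import base64
import hashlib
import hmac
import os
import struct
import time


def hotp(secret: bytes, counter: int, digits: int = 6, algorithm=hashlib.sha1) -> str:
    """RFC 4226: HMAC the big-endian 8-byte counter, dynamic-truncate, mod 10^digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), algorithm).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, timestamp: float = None, step: int = 30,
         digits: int = 6, algorithm=hashlib.sha1) -> str:
    """RFC 6238: HOTP with counter = floor(unix_time / step)."""
    if timestamp is None:
        timestamp = time.time()
    return hotp(secret, int(timestamp) // step, digits, algorithm)


def verify_totp(secret: bytes, code: str, timestamp: float = None,
                step: int = 30, digits: int = 6, window: int = 1) -> bool:
    """Accept codes from the current step plus/minus `window` steps (clock drift).

    Comparison is constant-time so a verifier cannot leak digits by timing.
    """
    if timestamp is None:
        timestamp = time.time()
    counter = int(timestamp) // step
    for drift in range(-window, window + 1):
        if counter + drift < 0:
            continue
        if hmac.compare_digest(hotp(secret, counter + drift, digits), code):
            return True
    return False


def load_secret(name: str = "TOTP_SEED") -> bytes:
    """Placeholder for the key-vault call: base32 seed from the environment."""
    raw = os.environ.get(name)
    if raw is None:
        raise RuntimeError(f"{name} not set; fetch it from the vault instead of hardcoding it")
    raw = raw.strip().replace(" ", "").upper()
    return base64.b32decode(raw + "=" * (-len(raw) % 8))


# RFC 6238 reference seed (ASCII "12345678901234567890"), used for the demo below.
RFC_SEED = b"12345678901234567890"


if __name__ == "__main__":
    print("HOTP counter 0:", hotp(RFC_SEED, 0))            # RFC 4226 vector: 755224
    print("TOTP at T=59 :", totp(RFC_SEED, 59, digits=8))   # RFC 6238 vector: 94287082
    print("current code :", totp(RFC_SEED))
```

The pipeline would call load_secret() once per job, generate the code with totp(), and pass it to whatever login step needs it; the seed never appears in the job definition or in logs, which is the whole point of keeping it in the vault.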
This talk teaches you everything you need to know to get started with security test automation and how to integrate your favorite security tooling into different CI/CD platforms (Jenkins, VSTS, Travis, etc.) and their pipelines.

Riccardo ten Cate
As a penetration tester from the Netherlands, Riccardo specializes in web application security and has extensive knowledge of securing web applications written in multiple programming languages. Riccardo also has expertise in implementing security test automation in CI/CD pipelines and is a project leader of the OWASP Security Knowledge Framework.

Managed by the official OWASP Media Project https://www.owasp.org/index.php/OWASP...

Reviewed by Anonymous on September 29, 2018. Rating: 5