This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
OWASP DevSlop Project
OWASP DevSlop Tool ProjectDevSlop: learning how application security professionals fit into DevOps.Project Website: DevSlop Modern applications often use APIs, microservices and containerization to deliver faster and better products and services, however this changing landscape means security people need to step up their game. DevSlop, "Sloppy DevOps", is an exploration into this area, via several different modules consisting of pipelines, vulnerable apps, and The DevSlop Show, where project members learn and share. DescriptionDevSlop has many modules, including: Patty - An Azure DevSecOps pipeline, with constantly changing components, which published the project's website, DevSlop.co. Pixi-CRS & Pixi-CRS-ZAP are two Circle-CI pipelines that demonstrate adding a WAF to your pipeline for automatic tuning before moving your apps to prod. Pixi is an intentionally vulnerable app and consists of a vulnerable web app and API service. The DevSlop Show is a video streaming series where project members build things live, interview members of the OWASP and InfoSec community, and learn where they fit into DevOps. As more pieces of DevSlop are released they will be introduced here. LicensingThis program is free software: you can redistribute it and/or modify it under the terms of the link GNU Affero General Public License 3.0 as published by the Free Software Foundation. OWASP DevSlop and any contributions are Copyright © by Nicole Becher & Tanya Janca 2017. |
Project ResourcesDocumentation Issue Tracker
Project LeaderNancy Gariché Twitter
Team Members
Related ProjectsClassifications
|
News and Events
| |||||||
