This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "OWASP Bucharest AppSec Conference 2018 Workshops"
Oana Cornea (talk | contribs) (Created page with "{|style="vertical-align:top;width:90%;background-color:#white;padding:10px;border:1px solid silver;" align="center" cellspacing="4" | style="width:100%" valign="middle" height...") |
Oana Cornea (talk | contribs) |
||
| Line 7: | Line 7: | ||
| style="width:40%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | '''Description''' | | style="width:40%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | '''Description''' | ||
|- | |- | ||
| − | | style="width:10%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | Workshop <br> 25th of October<br> ''' | + | | style="width:10%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | Workshop <br> 25th of October<br> '''4 hours:'''<br>begins at 10:00 <br>''' '''<br> |
| − | | style="width:25%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | | + | | style="width:25%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | Automated CI Pipelines using ZAP, Docker and static code analysis |
| style="width:25%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | | | style="width:25%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | | ||
| − | | style="width:40%" valign="middle" height="30" bgcolor="#CCEEEE" align="justify" colspan="0" | '''Description:''' | + | | style="width:40%" valign="middle" height="30" bgcolor="#CCEEEE" align="justify" colspan="0" | '''Description:''' In this workshop we will go through customizing ZAP's docker images and some static code analysis scripts to work with GitLab CI so that it automatically tests the deployed web application.<br> |
| − | '''Intended audience:''' | + | Moreover we will write an example ZAP orchestration script to better test specific parts of the example application.<br> |
| − | '''Skill level: ''' <br> | + | Last, we will create Docker containers of two static code analysis scripts so that we can easily integrate them into the CI pipeline. <br> |
| − | '''Requirements:''' | + | We will go through: |
| + | * Configuring GitLab CI to work with ZAP. | ||
| + | * Configuring the testing harness to work with ZAP | ||
| + | * Writing orchestration scripts to better test specific part of the application. | ||
| + | * Package extra tooling so that we better test the committed codebase | ||
| + | At the end of the workshop the attendees will have example configuration files, orchestration scripts, rules and Dockerfiles for all tools used. | ||
| + | '''Intended audience:''' developers, security enthusiasts <br> | ||
| + | '''Skill level: ''' intermediate<br> | ||
| + | '''Requirements:''' coding skills, a laptop | ||
<br> | <br> | ||
'''Seats available: '''20 (first-come, first served)<br> | '''Seats available: '''20 (first-come, first served)<br> | ||
Revision as of 19:35, 8 August 2018
Workshop | |||||
| Time | Title | Trainers | Description | ||
| Workshop 25th of October 4 hours: begins at 10:00 |
Automated CI Pipelines using ZAP, Docker and static code analysis | Description: In this workshop we will go through customizing ZAP's docker images and some static code analysis scripts to work with GitLab CI so that it automatically tests the deployed web application. Moreover we will write an example ZAP orchestration script to better test specific parts of the example application.
At the end of the workshop the attendees will have example configuration files, orchestration scripts, rules and Dockerfiles for all tools used.
Intended audience: developers, security enthusiasts | |||
| Workshop 25th of October 3 hours: begins at 13:30 |
|
Description:
Intended audience: Seats available: | |||
| Workshop 25th of October 3 hours: begins at 9:30 |
|
Description: Prerequisites: Software Requirements: Seats available: | |||
