Difference between revisions of "OWASP DevSlop Project"

Latest revision as of 12:51, 25 April 2019

OWASP DevSlop Tool Project

DevSlop: learning how application security professionals fit into DevOps.

DevSlop Project Logo

Project Website: DevSlop

Modern applications often use APIs, microservices and containerization to deliver faster and better products and services, however this changing landscape means security people need to step up their game. DevSlop, "Sloppy DevOps", is an exploration into this area, via several different modules consisting of pipelines, vulnerable apps, and The DevSlop Show, where project members learn and share.

Description

DevSlop has many modules, including:

Patty - An Azure DevSecOps pipeline, with constantly changing components, which published the project's website, DevSlop.co.

Pixi-CRS & Pixi-CRS-ZAP are two Circle-CI pipelines that demonstrate adding a WAF to your pipeline for automatic tuning before moving your apps to prod.

Pixi is an intentionally vulnerable app and consists of a vulnerable web app and API service.

The DevSlop Show is a video streaming series where project members build things live, interview members of the OWASP and InfoSec community, and learn where they fit into DevOps.

Pixi Logo

As more pieces of DevSlop are released they will be introduced here.

Licensing

This program is free software: you can redistribute it and/or modify it under the terms of the link GNU Affero General Public License 3.0 as published by the Free Software Foundation. OWASP DevSlop and any contributions are Copyright © by Nicole Becher & Tanya Janca 2017.

Project Resources

Source Code

What's New (Revision History)

Documentation

Wiki Home Page

Issue Tracker

Slide Presentation

Video

Project Leader

Tanya Janca Twitter

Nancy Gariché Twitter

Nicole Becher Twitter

Team Members

Franziska Bühler Twitter

Mordecai Kraushar

Related Projects

Classifications

News and Events

Nancy Gariché was promoted to leader, making 3 leaders of this project!
Check out our schedule!
[July 2] Tanya Janca will be giving the "Hack Your Own Apps" workshop at the SPA Conference in London, England.
[June 4-6, 2018] The entire DevSlop team will be at the Open Security Summit in London, England.
[May 18, 2018] Pixi workshop presented at NorthSec in Montreal, Canada.
[March 2018] Introduced new project team members: Mohammed A. Imran and Franziska Bühler
[28 Jan 2018} DevSlop full day workshop at AppSec Cali: Intro To Web Hacking Using ZAP/Hacking APIs And The MEAN Stack
[19 Sept 2017] DevSlop 3 hour workshop presented as part of the AppSec USA 2017 Developer Summit.
[5 Sept 2017] DevSlop project team interviewed on AppSec Podcast
[12 July 2017] DevSlop Project announced at Microsoft Tech Days in NYC.

@@ Line 7: / Line 7: @@
 ==OWASP [http://devslop.co DevSlop] Tool Project==
-''The hacker jungle gym built on DevOps disasters.''[[File:DevSlop Logo.jpg|alt= DevSlop Project Logo|thumb|315x315px|DevSlop Project Logo]]
+''DevSlop: learning how application security professionals fit into DevOps.''[[File:DevSlop Logo.jpg|alt= DevSlop Project Logo|thumb|315x315px|DevSlop Project Logo]]
 Project Website:  [http://devslop.co DevSlop]
-Modern applications often use APIs, microservices and containerization to deliver faster and better products and services.   There has been a massive migration away from monolithic web applications to this new, highly scalable architecture.  However, there are currently few training grounds for security testing in these areas. In comes DevSlop, OWASP's newest project, a collection of DevOps-driven applications, specifically designed to showcase security catastrophes and vulnerabilities for use in security testing, software testing, learning and teaching for both developers and security professionals.
+Modern applications often use APIs, microservices and containerization to deliver faster and better products and services, however this changing landscape means security people need to step up their game.  DevSlop, "Sloppy DevOps", is an exploration into this area, via several different modules consisting of pipelines, vulnerable apps, and [https://www.youtube.com/channel/UCSmjcWvgVBqF3x_7e5rfe3A The DevSlop Show], where project members learn and share.
 ==Description==
-DevSlop's '''Pixi''', the first of many applications to come for this OWASP project, is currently publicly available for your hacking and learning pleasure. Pixi is available in several docker containers and consists of a vulnerable web app and API service.  The intent is to teach users how to test modern web applications and API's for security issues and how to write more secure API's in the future.[[File:Pixi logo.png|alt= Pixi Logo|thumb|145x145px|Pixi Logo]]
+DevSlop has many modules, including:
+'''Patty''' - An Azure DevSecOps pipeline, with constantly changing components, which published the project's website, [http://devslop.co DevSlop.co].
+'''Pixi-CRS''' & '''Pixi-CRS-ZAP''' are two Circle-CI pipelines that demonstrate adding a WAF to your pipeline for automatic tuning before moving your apps to prod.
+'''Pixi''' is an intentionally vulnerable app and consists of a vulnerable web app and API service.
+[https://www.youtube.com/channel/UCSmjcWvgVBqF3x_7e5rfe3A '''The DevSlop Show'''] is a video streaming series where project members build things live, interview members of the OWASP and InfoSec community, and learn where they fit into DevOps.
+[[File:Pixi logo.png|alt= Pixi Logo|thumb|145x145px|Pixi Logo]]
 As more pieces of [http://devslop.co DevSlop] are released they will be introduced here.
@@ Line 24: / Line 34: @@
 == Project Resources ==
-[https://github.com/SamanthaGroves Installation Package]
 [https://github.com/DevSlop/ Source Code]
@@ Line 46: / Line 54: @@
 == Project Leader ==
-[[User:Nicolebecher|Nicole Becher]] [https://twitter.com/thedeadrobots Twitter]
+[[User:Tanyajanca|Tanya Janca]] [https://twitter.com/shehackspurple Twitter]
-[[User:Tanyajanca|Tanya Janca]] [https://twitter.com/shehackspurple Twitter]
+Nancy Gariché [https://twitter.com/nanzgtweets Twitter]
-[[User:Secfigo|Mohammed A. Imran]] [https://twitter.com/secfigo Twitter]
+[[User:Nicolebecher|Nicole Becher]] [https://twitter.com/thedeadrobots Twitter]
@@ Line 82: / Line 90: @@
 == News and Events ==
+* Nancy Gariché was promoted to leader, making 3 leaders of this project!
 * [http://devslop.co/Home/Schedule Check out our schedule!]
 * [July 2] Tanya Janca will be giving the "Hack Your Own Apps" workshop at the [https://www.spaconference.org/spa2018 SPA Conference in London], England.
@@ Line 131: / Line 140: @@
 '''How can I follow updates on the project?'''
-[https://twitter.com/thedeadrobots Nicole Becher on Twitter]
+[https://twitter.com/OWASP_DevSlop DevSlop on Twitter]
 [https://twitter.com/shehackspurple Tanya Janca on Twitter]
@@ Line 148: / Line 157: @@
 The first contributors to the project were:
-* Nicole Becher [https://twitter.com/thedeadrobots Twitter]
 * [[User:Tanyajanca|Tanya Janca]] [https://twitter.com/shehackspurple Twitter]
-* [[User:Secfigo|Mohammed A. Imran]] [https://twitter.com/secfigo Twitter]
+* Nancy Gariché [https://twitter.com/nanzgtweets Twitter]
+* Nicole Becher [https://twitter.com/thedeadrobots Twitter]
 * [[User:Franziskabuehler|Franziska Bühler]] [https://twitter.com/bufrasch Twitter]

Difference between revisions of "OWASP DevSlop Project"

Latest revision as of 12:51, 25 April 2019

OWASP DevSlop Tool Project

Description

Licensing

Project Resources

Project Leader

Team Members

Related Projects

Classifications

News and Events

How can I participate in your project?

If I am not a programmer can I participate in your project?

Contributors

Roadmap

Getting Involved

Ideas

Coding

Localization

Feedback

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

Reference

Tools