We're sorry but this page doesn't work properly without JavaScript enabled. Please enable it to continue.
Feedback

Appsec Village - Automate Dynamic Application Security Testing

5
 Cite
 Share
 Download
 Purchase
No logo availableDEF CON
 Wang, YanYan

Formal Metadata

Title
Appsec Village - Automate Dynamic Application Security Testing
Subtitle
An approach in dockerized CI/CD pipelines
Alternative Title
Automate Pen Testing in Dockerized CI/CD Environment
Title of Series
Number of Parts
335
Author
License
CC Attribution 3.0 Unported:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.
Identifiers
Publisher
Release Date
Language

Content Metadata

Subject Area
Genre
Abstract
Speed is vital in startups, and fast moving CI/CD pipelines are the norm in startups. Dynamic application security testing (DAST) can take advantage of the speed, automate along the CI/CD pipelines, and enable developers to fix issues while vulnerabilities are in development phase. In order to be integrate seamlessly with CI/CD pipelines, DAST tools should be ready to be deployed as code, integrate with a modern build system, and be able to provide instant feedback. Existing commercial DAST tools generally do not have such capabilities. In this presentation, we discuss how we dockerized Headless Burp, deployed the Headless Burp as code, so that it can be integrated with Selenium tests on demand.