Open Source Pentesting and Security Analysis Tools: the DevOps way… #slideless

Security Devops

Explore the open-source world of pentesting and security analysis tools, and learn how to integrate them into your DevOps practices for seamless automated security testing.

Key takeaways
  • DevOps and Security: Security should be integrated into DevOps practices.
  • ZAP: An open-source Web Application Security Scanner with a UI and headless mode.
  • Marathon: An open-source tool that automates web application security scanning and reporting.
  • Configuration: ZAP and Marathon can be configured using Jenkins files or shell scripts.
  • Automated Security Testing: Automatic testing can be done using ZAP and Marathon.
  • Security in DevOps: Security should be integrated into the entire CI/CD pipeline.
  • Best Practices: Use default settings, follow best practices, and use the API.
  • API: ZAP and Marathon have APIs that can be used for automation.
  • Headless Mode: ZAP can run in headless mode for automated testing.
  • JSON Reports: Reports can be generated in multiple formats, including JSON.
  • DAST Tools: ZAP is a DAST (Dynamic Application Security Testing) tool.
  • Crawler Problems: Common problems with crawlers include incorrect handles and not understanding JavaScript.
  • Input Vectors: Input vectors are used to test web applications for vulnerabilities.

More talks

Bridging the Gap: From Analytical Models to Operational Success [PyCon DE & PyData Berlin 2024]

Navigating the MLOps Journey: Key Considerations for Successful Implementations - Akanksha Malik

Bootstrapping Microservices • Ashley Davis & Damian Maclennan • GOTO 2024

DevOps Tech: Shifting Left on Security (Presented by: Portshift.io)

Introduction to Quarkus Security by Sergey Beryozkin

Create memes with puppeteer

DevX Days | Joel Tosi | Learning in the Flow of Work - Your Dojo

From AI Conversations to Data-Driven Decisions: Unlocking the Future of Customer Engagement