Open Source Pentesting and Security Analysis Tools: the DevOps way… #slideless

Explore the open-source world of pentesting and security analysis tools, and learn how to integrate them into your DevOps practices for seamless automated security testing.

Key takeaways
  • DevOps and Security: Security should be integrated into DevOps practices.
  • ZAP: An open-source Web Application Security Scanner with a UI and headless mode.
  • Marathon: An open-source tool that automates web application security scanning and reporting.
  • Configuration: ZAP and Marathon can be configured from a Jenkinsfile or a shell script.
  • Automated Security Testing: Automated scans can be run with ZAP and Marathon.
  • Security in DevOps: Security should be integrated into the entire CI/CD pipeline.
  • Best Practices: Start from the default settings, follow best practices, and drive the tools through their APIs.
  • API: ZAP and Marathon have APIs that can be used for automation.
  • Headless Mode: ZAP can run in headless mode for automated testing.
  • JSON Reports: Reports can be generated in multiple formats, including JSON.
  • DAST Tools: ZAP is a DAST (Dynamic Application Security Testing) tool.
  • Crawler Problems: Common problems with crawlers include incorrect handling and a lack of JavaScript support.
  • Input Vectors: Input vectors define where a scanner injects test data when probing a web application for vulnerabilities.
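A pipeline gate of the kind these takeaways describe, as an added example that is not code from the talk: a Python script that reads a ZAP JSON report and fails the CI step when alerts at or above a chosen risk level are present. It assumes ZAP's traditional JSON report layout (site[].alerts[].riskcode, with riskcode 0 to 3 meaning informational to high); the embedded report is constructed, not real scan output.

```python
"""CI gate for a ZAP JSON report: block the build when alerts at or above a risk
threshold are present. Assumes the traditional JSON layout: site[].alerts[].riskcode."""
import json
import sys

RISK_NAMES = {0: "Informational", 1: "Low", 2: "Medium", 3: "High"}  # ZAP riskcode values

# Constructed sample in ZAP's traditional JSON layout (not real scan output).
SAMPLE_REPORT = json.dumps({
    "@version": "2.x",
    "site": [{
        "@name": "http://app.example.test",
        "alerts": [
            {"pluginid": "10021", "alert": "X-Content-Type-Options Header Missing",
             "riskcode": "1", "confidence": "2", "count": "4"},
            {"pluginid": "40012", "alert": "Cross Site Scripting (Reflected)",
             "riskcode": "3", "confidence": "2", "count": "1"},
            {"pluginid": "10038", "alert": "Content Security Policy (CSP) Header Not Set",
             "riskcode": "2", "confidence": "3", "count": "12"},
        ],
    }],
})

def load_alerts(report_json: str):
    """Flatten the alerts of every site in the report into (site, alert) pairs."""
    report = json.loads(report_json)
    return [(site.get("@name", "?"), alert)
            for site in report.get("site", [])
            for alert in site.get("alerts", [])]

def failing_alerts(report_json: str, min_risk: int = 3):
    """Alerts whose riskcode is at or above min_risk, highest risk first."""
    hits = [(site, a) for site, a in load_alerts(report_json)
            if int(a.get("riskcode", 0)) >= min_risk]
    return sorted(hits, key=lambda pair: -int(pair[1]["riskcode"]))

def gate(report_json: str, min_risk: int = 3) -> int:
    """Exit status for the pipeline step: 0 = pass, 1 = block the build."""
    hits = failing_alerts(report_json, min_risk)
    for site, a in hits:
        risk = RISK_NAMES.get(int(a["riskcode"]), a["riskcode"])
        print(f"[{risk}] {a['alert']} (plugin {a['pluginid']}, {a.get('count', '?')} hits) on {site}")
    return 1 if hits else 0

if __name__ == "__main__":
    # Usage: python zap_gate.py report.json [min_risk]; without a file the sample runs.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_REPORT
    sys.exit(gate(text, int(sys.argv[2]) if len(sys.argv) > 2 else 3))
```

Point it at the JSON report written by a headless ZAP run and let the non-zero exit status fail the Jenkins stage; lower the threshold to 2 to also block on medium-risk findings.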