Loading…
LASCON 2017 has ended
View analytic
Wednesday, October 25 • 9:00am - 5:00pm
Automating your own AppSec Pipeline with Docker and Serverless Computing w/ Matt Tesauro (Day 2) LIMITED

Sign up or log in to save this to your schedule and see who's attending!

Feedback form is now closed.
Limited Capacity seats available

Paid Training Ticket Required

Any optimization outside the critical constraint is an illusion. In application security, the size of the security team is always the most scarce resource. The best way to optimize the security team is automation. This training will provide an overview of key application security automation principles and provide hands-on experience with creating an Application Security Pipeline augmented with automation. Over the course of two days, the students will cover the crucial aspects of where and when to add automation to their application security practices and gain experience with integrating APIs, using Serverless functions (Lambda), ChatOps integration (Slack), automating security scanning, consolidate and de-duplicate security issues, automating submission of issues to defect trackers and generating reports/metrics in an automated fashion. Students should leave with a firm understanding of how to apply DevOps and Agile concepts to optimize their security programs using local and cloud infrastructure.

The labs consist of a series of exercises which build upon each other to construct an AppSec Pipeline specifically geared towards Cloud and Serverless automation. After discussing each fundamental part of the pipeline, the student will be provided a lab to construct that portion of their own AppSec Pipeline. While these will be somewhat scripted labs, they will provide working examples of all the key concepts needed in adding automation to an AppSec program allowing the student to have seen the concepts in action before returning to work and applying them to their particular situation.

Speakers
avatar for Matt Tesauro

Matt Tesauro

Senior Technical Project Engineer, OWASP Foundation
Matt Tesauro is currently working full-time for the OWASP Foundation, adding automation and awesome to OWASP projects. Previously, he was a founder and CTO of Infinitiv, a Senior Software Security Engineer at Pearson and the Senior Product Security Engineer at Rackspace. He is also an Adjunct Professor for the University of Texas Computer Science department teaching the next generation of CS students about Application Security. Matt is broadly experienced information security professional of 15 years specializing in application and cloud security. He is a former board member of the OWASP Foundation and project lead for OWASP AppSec Pipeline... Read More →


Wednesday October 25, 2017 9:00am - 5:00pm
TBA

Attendees (5)