Sep 30, 2018 · 2 min read

I am part of an OWASP project called DevSlop, as in “Sloppy DevOps”. I started the project with Nicole Becher, and since then we have added Franziska Bühler and Mohammed A. Imran to our project team. We started the project so we could learn about weaving security through DevOps, which we like to call DevSecOps.

First we created Pixi, an intentionally vulnerable MEAN Stack app with a poorly-formed and easily-manipulated API. Nikki and I did several workshops on it at various conferences; it was quite educational for the two of us (and hopefully also our audiences).

Then I started to create my own pipeline in Azure named Patty. Unfortunately I quickly figured out that “sharing” a pipeline via open source is *really hard*; there’s no package people can easily download and then implement themselves… I decided the best way to “share” would be to create a live stream of myself digging into different ideas and exactly how to implement them. We stream LIVE every Sunday at 1:00 pm EDT, on Mixer, Twitch, and YouTube, for approximately an hour. All videos are edited, captioned, and uploaded to YouTube. Sometimes wonderful members of the OWASP community even translate them for us. :-D

Please join us live if you can, or check out the videos afterwards.

S01E00: Franziska Bühler and Tanya Janca try and fail to implement HTTPS, but settle for adding a few security headers. This was a “test” episode.

S01E01 — Franziska and Tanya implement more security headers.

S01E02 — Even more security headers for Franziska and Tanya!

S01E02.1 — Franziska and Tanya implement HTTPS for their website.

S01E03: Smart Contracts with Elissa Shevinsky

S01E04: Morgan Roman and Tanya Janca explore the concept of negative unit tests.

Tune in this Sunday to join Joy Huggins and me while we implement Snyk to scan the DevSlop Project GitHub repo.



Written by

Tanya Janca’s Application Security Adventures


