I am part of an OWASP project called DevSlop, as in “Sloppy DevOps”. I started the project with Nicole Becher, and since then we have added Franziska Bühler and Mohammed A. Imran to our project team. We started the project so we could learn about weaving security through DevOps, which we like to call DevSecOps.
First we created Pixi, an intentionally vulnerable MEAN Stack app with a poorly formed and easily manipulated API. Nikki and I did several workshops on it at various conferences; it was quite educational for the two of us (and hopefully also our audiences).
Then I started to create my own pipeline in Azure named Patty. Unfortunately, I quickly figured out that “sharing” a pipeline via open source is *really hard*; there’s no package people can easily download and then implement themselves… I decided the best way to “share” would be to create a live stream myself digging into different ideas and exactly how to implement them. We stream LIVE every Sunday at 1:00 pm EDT, on Mixer, Twitch, and YouTube, for approximately an hour. All videos are edited, captioned, and uploaded to YouTube. Sometimes wonderful members of the OWASP community even translate them for us. :-D
S01E01 — Franziska and Tanya implement more security headers.
S01E02 — Even more security headers for Franziska and Tanya!