“I admit it’s getting better, a little better all the time. It can’t get more worse!”
- The Beatles
CONTINUOUS SECURITY
WHY?

Why burden developers with security?
“To a hacker, you're just an IP address. You get hit because you let yourself be an easy mark.”
- Ira Winkler
Software Development Life Cycle: design → code → test → deploy
Adding Sec to DevOps
STARTING POINT
The Bodgeit Store
https://github.com/psiinon/bodgeit
OUR INITIAL PIPELINE
checkout → build → test → deploy
SOURCE CODE
You Built a Slack Bot to Read Your Team the News and It Told Everyone Everything
http://observer.com/2016/04/slack-bot-benedict-arnold/
https://labs.detectify.com/2016/04/28/slack-bot-token-leakage-exposing-business-critical-information/
The sensitive information in these examples has been modified or redacted
gittyleaks: Scanning source control
https://github.com/kootenpv/gittyleaks
gittyleaks

```groovy
node {
  stage('gittyleaks') {
    // Each sh step runs in its own shell, so a separate 'export LC_ALL=C' step
    // would not reach the scan; set the locale for the step with withEnv instead.
    withEnv(['LC_ALL=C']) {
      // Clone the repository and scan its history for leaked credentials.
      sh 'gittyleaks -l git@github.com:psiinon/bodgeit.git'
    }
  }
}
```
gittyleaks
https://asciinema.org/a/6x2d74fond1j1mdlt9dpsx0pt
FindBugs + FindSecBugs: Static code analysis
http://findbugs.sourceforge.net/
http://find-sec-bugs.github.io/
FindBugs + FindSecBugs: Static code analysis

```groovy
node {
  stage('findbugs') {
    // Run FindBugs (with the FindSecBugs plugin installed) against the built jar.
    sh 'findbugs -textui target/project.jar'
  }
}
```
FindBugs + FindSecBugs: Static code analysis
https://asciinema.org/a/8vgl8gsfj1qhevnr9c6285gkf
CURRENT PIPELINE
checkout → build → test → deploy (+ analysis)
TESTING
Ever wanted to hack a University?
http://netanelrub.in/2017/03/20/moodle-remote-code-execution/
https://threatpost.com/critical-moodle-vulnerability-could-lead-to-server-compromise/124446/

79940 Moodle sites registered (234 countries)
https://moodle.net/sites/
ZED Attack Proxy
https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project
ZED Attack Proxy
https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project
```groovy
node {
  stage('zap-baseline') {
    // Passive baseline scan of the deployed app; a non-zero exit fails the stage.
    sh 'docker run -t owasp/zap2docker-stable zap-baseline.py -t http://172.17.0.2:8080/bodgeit'
  }
}
```
ZED Attack Proxy
https://asciinema.org/a/1s2telu6m7vsd4uzxoursd8pt
![Page 32: “I admit it’s getting better, · “I admit it’s getting better, a little better all the time. It can’t get more worse!” - The Beatles](https://reader033.vdocuments.us/reader033/viewer/2022053007/5f0b63627e708231d4304613/html5/thumbnails/32.jpg)
gauntltBe Mean To Your Code And Like It
http://gauntlt.org/
gauntlt: Be Mean To Your Code And Like It

```gherkin
@slow
Feature: simple nmap attack (sanity check)

  Background:
    Given "nmap" is installed
    And the following profile:
      | name     | value      |
      | hostname | 172.17.0.2 |

  Scenario: Verify server is available on standard web ports
    When I launch an "nmap" attack with:
      """
      nmap -p 8080,443 <hostname>
      """
    Then the output should match /8080.tcp\s+open/
    And the output should not match:
      """
      443/tcp\s+open
      """
```
gauntlt: Be Mean To Your Code And Like It

```groovy
node {
  stage('gauntlt') {
    // Run every .attack file under custom/; any failed scenario fails the stage.
    sh 'gauntlt custom/*/*.attack'
  }
}
```

gauntlt: Be Mean To Your Code And Like It
https://asciinema.org/a/2tfc8bfzygw6j6xvjgn2pvnia
inspec: Inspect Your Infrastructure
http://inspec.io/
inspec: Inspect Your Infrastructure
https://github.com/chef/inspec/blob/master/docs/profiles.md
```ruby
title '/port-8080 open'

# you add controls here
control "port 8080" do                       # A unique ID for this control
  impact 0.7                                 # The criticality, if this control fails.
  title "Port 8080 should be listening"      # A human-readable title
  desc "Checking the port public port ..."   # Describe why this is needed
  tag data: "port"                           # A tag allows you to associate key
  tag "security"                             # information to the test
  ref "Document A-12", url: 'http://...'     # Additional references

  describe port(8080) do                     # Actual test
    it { should be_listening }
  end
end
```
inspec: Inspect Your Infrastructure

```groovy
node {
  stage('inspec') {
    // Execute the profile directly against the running container via the docker transport.
    sh 'inspec exec inspec/example/ -t docker://f782c7f0a177'
  }
}
```

inspec: Inspect Your Infrastructure
https://asciinema.org/a/4ft5iso3jhu8vbh6shnatr1nk
BDD Security: Security Testing Framework
https://www.continuumsecurity.net/bdd-security/
BDD Security: Security Testing Framework
https://asciinema.org/a/8ixx15uydulugvw1syohgb03g
beaker: Cloud enabled acceptance testing
https://github.com/puppetlabs/beaker
CURRENT PIPELINE
checkout → build → test → deploy (+ analysis)
EXTERNAL DEPENDENCIES
HACKED
http://wololo.net/2017/03/11/nintendo-switch-already-hacked-known-vulnerability/

OpenVAS: Vulnerability scanning and vulnerability management
http://www.openvas.org/
cvechecker: Vulnerability scanning and vulnerability management
https://github.com/sjvermeu/cvechecker
cvechecker: Vulnerability scanning and vulnerability management
https://github.com/sjvermeu/cvechecker
```groovy
node {
  stage('cvechecker') {
    // Build the list of binaries to check: every world-executable file plus the kernel version.
    sh 'find / -type f -perm -o+x > scanlist.txt'
    sh 'echo "/proc/version" >> scanlist.txt'
    // Scan the listed binaries (-b) and report matching CVEs (-r).
    sh 'cvechecker -b scanlist.txt'
    sh 'cvechecker -r'
  }
}
```

cvechecker: Vulnerability scanning and vulnerability management
https://asciinema.org/a/6xtccj8r0qjihh94ui1gu92ma
https://alpinelinux.org/
Alpine Linux: Vulnerability scanning and vulnerability management
https://asciinema.org/a/34ihmet34cd4ly523pfaml2uu
OWASP Dependency Check
https://www.owasp.org/index.php/OWASP_Dependency_Check
OWASP Dependency Check

```groovy
node {
  // Stage named after the tool it runs (the slide reused the 'cvechecker' label here).
  stage('dependency-check') {
    // Check every module's dependencies against the NVD and aggregate the results.
    sh 'mvn org.owasp:dependency-check-maven:1.4.5:aggregate'
  }
}
```

OWASP Dependency Check
https://asciinema.org/a/6ytzredroiwvifzude45n3bcm
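The stages shown on the preceding slides, wired into one scripted Jenkinsfile that gates the build on scanner results instead of only printing them. This is an added example, not the talk's own pipeline; it assumes a Maven project, docker and the CLI tools on the agent, and that the deploy script and container id placeholders are replaced with the project's own values.

```groovy
// Added example (not from the talk): checkout -> build -> test -> deploy (+ analysis)
// with each scanner either failing the build, marking it unstable, or archiving a report.
node {
    def target      = 'http://172.17.0.2:8080/bodgeit'   // app under test, as in the ZAP stage
    def containerId = 'CONTAINER_ID_PLACEHOLDER'          // docker://<id> target for inspec (placeholder)

    stage('checkout') { checkout scm }

    // Leaked secrets in history are a hard failure. One sh step = one shell, so the
    // locale is set with withEnv rather than a separate 'export' step.
    stage('gittyleaks') {
        withEnv(['LC_ALL=C']) {
            sh 'gittyleaks -l git@github.com:psiinon/bodgeit.git'
        }
    }

    stage('build') { sh 'mvn -B -DskipTests package' }
    stage('test')  { sh 'mvn -B test' }

    // Static analysis and dependency checks are independent, so run them in parallel.
    stage('analysis') {
        parallel(
            findbugs: {
                // FindBugs + FindSecBugs findings mark the build unstable rather than failed,
                // so the team sees them without blocking every deploy on day one.
                int rc = sh(script: 'findbugs -textui target/project.jar', returnStatus: true)
                if (rc != 0) { currentBuild.result = 'UNSTABLE' }
            },
            dependencies: {
                // Known CVEs at or above CVSS 7 fail the build (plugin property failBuildOnCVSS).
                sh 'mvn -B org.owasp:dependency-check-maven:1.4.5:aggregate -DfailBuildOnCVSS=7'
            }
        )
    }

    stage('deploy') {
        sh './deploy-test-env.sh'   // placeholder for the project's own test-environment deploy
    }

    // Dynamic checks against the running app; the ZAP report is kept even when the stage fails.
    stage('zap-baseline') {
        try {
            // The work dir is mounted so -r can write the HTML report back to the workspace;
            // a non-zero exit means ZAP raised at least a WARN, which fails the build here.
            sh "docker run --rm -v \$(pwd):/zap/wrk/:rw -t owasp/zap2docker-stable " +
               "zap-baseline.py -t ${target} -r zap-report.html"
        } finally {
            archiveArtifacts artifacts: 'zap-report.html', allowEmptyArchive: true
        }
    }
    stage('gauntlt') { sh 'gauntlt custom/*/*.attack' }   // nmap sanity check: 8080 open, 443 closed
    stage('inspec')  { sh "inspec exec inspec/example/ -t docker://${containerId}" }
}
```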
http://www.networkworld.com/article/3162232/security/that-hearbleed-problem-may-be-more-pervasive-than-you-think.html
Updates: Base images & dependencies
OPEN INFORMATION
https://www.owasp.org
https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project
Training: OWASP WebGoat, OWASP Security Shepherd
https://www.owasp.org/index.php/Category:OWASP_WebGoat_Project
https://www.owasp.org/index.php/OWASP_Security_Shepherd
Software Development Life Cycle: design → code → test → deploy
TAKEAWAYS