Upload File

automated!security!scanningforyour delivery!pipeline! · matthew!grasberger! $...

  • Home
  • Documents
  • Automated!Security!ScanningforYour Delivery!Pipeline! · Matthew!Grasberger! $ Matthew$Grasberger$is$an$Associate$ConsultantatCoveros$with$aspecialty$in$Test Automation,$DevOps$Engineering,$and$Security$Automation.$Matthas
29
W6 Security Testing 20190501 11:30 Automated Security Scanning for Your Delivery Pipeline Presented by: Matthew Grasberger Coveros Brought to you by: 8882688770 9042780524 [email protected] http://www.stareast.techwell.com

Upload: others

Post on 23-Jul-2020

3 views

Category:

Documents


0 download

Report

TRANSCRIPT

Page 1: Automated!Security!ScanningforYour Delivery!Pipeline! · Matthew!Grasberger! $ Matthew$Grasberger$is$an$Associate$ConsultantatCoveros$with$aspecialty$in$Test Automation,$DevOps$Engineering,$and$Security$Automation.$Matthas

     

   W6  Security  Testing  2019-­‐05-­‐01  11:30              

Automated  Security  Scanning  for  Your  Delivery  Pipeline  

 Presented  by:    

 

Matthew  Grasberger  Coveros  

‘      

Brought  to  you  by:        

   

   

888-­‐-­‐-­‐268-­‐-­‐-­‐8770  ·∙·∙  904-­‐-­‐-­‐278-­‐-­‐-­‐0524  -­‐  [email protected]  -­‐  http://www.stareast.techwell.com  

   

Page 2: Automated!Security!ScanningforYour Delivery!Pipeline! · Matthew!Grasberger! $ Matthew$Grasberger$is$an$Associate$ConsultantatCoveros$with$aspecialty$in$Test Automation,$DevOps$Engineering,$and$Security$Automation.$Matthas

 

Matthew  Grasberger    Matthew  Grasberger  is  an  Associate  Consultant  at  Coveros  with  a  specialty  in  Test  Automation,  DevOps  Engineering,  and  Security  Automation.  Matt  has  worked  with  clients  to  build  and  develop  robust  test  automation  suites  that  are  integrated  into  DevOps  pipelines  based  on  industry  leading  practices.  In  addition,  Matt  has  leveraged  open  source  mobile  testing  frameworks  like  Appium  to  create  automated  tests  for  Android  and  iOS  devices.  

Page 3: Automated!Security!ScanningforYour Delivery!Pipeline! · Matthew!Grasberger! $ Matthew$Grasberger$is$an$Associate$ConsultantatCoveros$with$aspecialty$in$Test Automation,$DevOps$Engineering,$and$Security$Automation.$Matthas
Page 4: Automated!Security!ScanningforYour Delivery!Pipeline! · Matthew!Grasberger! $ Matthew$Grasberger$is$an$Associate$ConsultantatCoveros$with$aspecialty$in$Test Automation,$DevOps$Engineering,$and$Security$Automation.$Matthas

•••••

•••

Page 5: Automated!Security!ScanningforYour Delivery!Pipeline! · Matthew!Grasberger! $ Matthew$Grasberger$is$an$Associate$ConsultantatCoveros$with$aspecialty$in$Test Automation,$DevOps$Engineering,$and$Security$Automation.$Matthas
Page 6: Automated!Security!ScanningforYour Delivery!Pipeline! · Matthew!Grasberger! $ Matthew$Grasberger$is$an$Associate$ConsultantatCoveros$with$aspecialty$in$Test Automation,$DevOps$Engineering,$and$Security$Automation.$Matthas

Page 7: Automated!Security!ScanningforYour Delivery!Pipeline! · Matthew!Grasberger! $ Matthew$Grasberger$is$an$Associate$ConsultantatCoveros$with$aspecialty$in$Test Automation,$DevOps$Engineering,$and$Security$Automation.$Matthas

Page 8: Automated!Security!ScanningforYour Delivery!Pipeline! · Matthew!Grasberger! $ Matthew$Grasberger$is$an$Associate$ConsultantatCoveros$with$aspecialty$in$Test Automation,$DevOps$Engineering,$and$Security$Automation.$Matthas

Identify low effort opportunities using free and open-source tools

• Open-source and free tools • Opportunities in Continuous Delivery and

Cloud

Page 9: Automated!Security!ScanningforYour Delivery!Pipeline! · Matthew!Grasberger! $ Matthew$Grasberger$is$an$Associate$ConsultantatCoveros$with$aspecialty$in$Test Automation,$DevOps$Engineering,$and$Security$Automation.$Matthas

Page 10: Automated!Security!ScanningforYour Delivery!Pipeline! · Matthew!Grasberger! $ Matthew$Grasberger$is$an$Associate$ConsultantatCoveros$with$aspecialty$in$Test Automation,$DevOps$Engineering,$and$Security$Automation.$Matthas

GAUNTLT

Page 11: Automated!Security!ScanningforYour Delivery!Pipeline! · Matthew!Grasberger! $ Matthew$Grasberger$is$an$Associate$ConsultantatCoveros$with$aspecialty$in$Test Automation,$DevOps$Engineering,$and$Security$Automation.$Matthas
Page 12: Automated!Security!ScanningforYour Delivery!Pipeline! · Matthew!Grasberger! $ Matthew$Grasberger$is$an$Associate$ConsultantatCoveros$with$aspecialty$in$Test Automation,$DevOps$Engineering,$and$Security$Automation.$Matthas
Page 13: Automated!Security!ScanningforYour Delivery!Pipeline! · Matthew!Grasberger! $ Matthew$Grasberger$is$an$Associate$ConsultantatCoveros$with$aspecialty$in$Test Automation,$DevOps$Engineering,$and$Security$Automation.$Matthas
Page 14: Automated!Security!ScanningforYour Delivery!Pipeline! · Matthew!Grasberger! $ Matthew$Grasberger$is$an$Associate$ConsultantatCoveros$with$aspecialty$in$Test Automation,$DevOps$Engineering,$and$Security$Automation.$Matthas

Page 15: Automated!Security!ScanningforYour Delivery!Pipeline! · Matthew!Grasberger! $ Matthew$Grasberger$is$an$Associate$ConsultantatCoveros$with$aspecialty$in$Test Automation,$DevOps$Engineering,$and$Security$Automation.$Matthas
Page 16: Automated!Security!ScanningforYour Delivery!Pipeline! · Matthew!Grasberger! $ Matthew$Grasberger$is$an$Associate$ConsultantatCoveros$with$aspecialty$in$Test Automation,$DevOps$Engineering,$and$Security$Automation.$Matthas

Page 17: Automated!Security!ScanningforYour Delivery!Pipeline! · Matthew!Grasberger! $ Matthew$Grasberger$is$an$Associate$ConsultantatCoveros$with$aspecialty$in$Test Automation,$DevOps$Engineering,$and$Security$Automation.$Matthas

• →•

http://www.site.com/vuln.php?id=1
http://www.site.com/vuln.php?id=1
Page 18: Automated!Security!ScanningforYour Delivery!Pipeline! · Matthew!Grasberger! $ Matthew$Grasberger$is$an$Associate$ConsultantatCoveros$with$aspecialty$in$Test Automation,$DevOps$Engineering,$and$Security$Automation.$Matthas

••••

./sqlmap.py --headers="User-Agent: Mozilla/5.0 (X11; Ubuntu;

Linux i686; rv:25.0) Gecko/20100101 Firefox/25.0"

--cookie="security=low; PHPSESSID=oikbs8qcic2omf5gnd09kihsm7" -u

'http://localhost/dvwa/vulnerabilities/sqli_blind/?id=1&Submit=S

ubmit#' --level=5 --risk=3 -p id

Page 19: Automated!Security!ScanningforYour Delivery!Pipeline! · Matthew!Grasberger! $ Matthew$Grasberger$is$an$Associate$ConsultantatCoveros$with$aspecialty$in$Test Automation,$DevOps$Engineering,$and$Security$Automation.$Matthas

• →

Page 20: Automated!Security!ScanningforYour Delivery!Pipeline! · Matthew!Grasberger! $ Matthew$Grasberger$is$an$Associate$ConsultantatCoveros$with$aspecialty$in$Test Automation,$DevOps$Engineering,$and$Security$Automation.$Matthas
Page 21: Automated!Security!ScanningforYour Delivery!Pipeline! · Matthew!Grasberger! $ Matthew$Grasberger$is$an$Associate$ConsultantatCoveros$with$aspecialty$in$Test Automation,$DevOps$Engineering,$and$Security$Automation.$Matthas

Page 22: Automated!Security!ScanningforYour Delivery!Pipeline! · Matthew!Grasberger! $ Matthew$Grasberger$is$an$Associate$ConsultantatCoveros$with$aspecialty$in$Test Automation,$DevOps$Engineering,$and$Security$Automation.$Matthas

Page 23: Automated!Security!ScanningforYour Delivery!Pipeline! · Matthew!Grasberger! $ Matthew$Grasberger$is$an$Associate$ConsultantatCoveros$with$aspecialty$in$Test Automation,$DevOps$Engineering,$and$Security$Automation.$Matthas

Page 24: Automated!Security!ScanningforYour Delivery!Pipeline! · Matthew!Grasberger! $ Matthew$Grasberger$is$an$Associate$ConsultantatCoveros$with$aspecialty$in$Test Automation,$DevOps$Engineering,$and$Security$Automation.$Matthas

Page 25: Automated!Security!ScanningforYour Delivery!Pipeline! · Matthew!Grasberger! $ Matthew$Grasberger$is$an$Associate$ConsultantatCoveros$with$aspecialty$in$Test Automation,$DevOps$Engineering,$and$Security$Automation.$Matthas
Page 26: Automated!Security!ScanningforYour Delivery!Pipeline! · Matthew!Grasberger! $ Matthew$Grasberger$is$an$Associate$ConsultantatCoveros$with$aspecialty$in$Test Automation,$DevOps$Engineering,$and$Security$Automation.$Matthas
Page 27: Automated!Security!ScanningforYour Delivery!Pipeline! · Matthew!Grasberger! $ Matthew$Grasberger$is$an$Associate$ConsultantatCoveros$with$aspecialty$in$Test Automation,$DevOps$Engineering,$and$Security$Automation.$Matthas

Page 28: Automated!Security!ScanningforYour Delivery!Pipeline! · Matthew!Grasberger! $ Matthew$Grasberger$is$an$Associate$ConsultantatCoveros$with$aspecialty$in$Test Automation,$DevOps$Engineering,$and$Security$Automation.$Matthas

Page 29: Automated!Security!ScanningforYour Delivery!Pipeline! · Matthew!Grasberger! $ Matthew$Grasberger$is$an$Associate$ConsultantatCoveros$with$aspecialty$in$Test Automation,$DevOps$Engineering,$and$Security$Automation.$Matthas

Automation Overview 1.1 Automation -vue d'ensemble Automation - Übersicht

Matthew Kimpton Smith - The Role of Automation in the Future of Manufacturing and the Opportunities it Will Bring

1.1 Automation Overview automación - vista general Automation -vue d'ensemble Automation - Übersicht Industrial Automation Automation Industrielle Industrielle

A FUTURE THAT WORKS: AUTOMATION, EMPLOYMENT, AND …€¦ · Matthew J. Slaughter, Paul Danos Dean of the Tuck School and the Earl C. Daum 1924 Professor of International Business

Distribution Automation Distribution Automation –– An …energycollection.us/Energy-Distribution-Automation/SANDC... · Distribution Automation Distribution Automation ––

Murray, Matthew ORCID: 0000000189568062 (2003) Matthew ...eprints.glos.ac.uk/4691/2/Five_Star.pdf · Murray, Matthew ORCID: 0000000189568062 (2003) Matthew Murray Photographs and

FPGA Music Project - Courses · PDF fileFPGA Music Project. Matthew R. Guthaus FPGA Music Project VLSI Design Automation October 2009 2 ... • High quality reverb, delay, chorus,

MATTHEW WHITE - The Agencytheagency.co.uk/wp-content/uploads/2015/01/Matthew-White...MATTHEW WHITE Writer / Director – Theatre Matthew studied English at Cambridge University before

Matthew Mattila Matthew Mattila, helped develop ISTO as

Matthew 18:21 – 35. Forgiveness Matthew 18:21 – 35 Forgiveness Matthew 6 – The Lord’s Prayer

Automation automation systems

Power BI and PowerShell - Microsoft€¦ · You can still use the Power BI Mgmt module. Photo by Matthew Garoffolo on Unsplash Authentication options; Prerequisites to automation;

Hines’ Sight · 10/2/2013  · Oct 2 - Malachi 1-4 Oct 3 - Matthew 1-4 Oct 4 - Matthew 5-6 Oct 5 - Matthew 7-9 Oct 6 - Matthew 10-12 Oct 7 - Matthew 13-14 Oct 8 - Matthew 15-17

Software Control of Home Automation Systemsassets.en.oreilly.com/1/event/45/Software Control... · Software Control of Home Automation Systems BRUCE & MATTHEW MOMJIAN, E ... Dining

Sermon Notes Matthew 5 - MINISTERS OF THE NEW ... Notes Matthew 5 Matthew Janzen Blessed Are Ye Matthew 5:1-12 Central Theme = Kingdom = Matthew 4:23-25. This entire sermon (1) drives

Industrial Automation Automation Industrielle Industrielle Automation

Wix Automation - Automation Manager

84874 July 23, 2017 - St. Joseph Parish | Toms River · 5:00 John H. Grasberger req. by the Hemberger Family 6:30 Crissy Marie Barillas req. by Family St. Gertrude, Island Heights

Trust in Automation - Jeffrey M. Bradsha. Trust in Automation.pdf · Trust in Automation Robert R. Hoffman, Matthew Johnson, and Jeffrey M. Bradshaw, Florida Institute for Human and

Matthew Skelton - How to choose tools for DevOps - collaboration over automation

K21 and Automation System Architecture Matthew Burnside [email protected] MIT Laboratory for Computer Science January 8, 2002 Jointly with: Dwaine Clarke,

God’s Mission in Matthew Matthew 20:17-21:11

Automation Solutions - Industrial Automation

Central Christian Church · 2017-06-28 · Psalm 136:1—4, 10—26 SU Matthew 26:1—5 M Matthew 26:6—13 TU Matthew 26:14—25 W Matthew 26:26—35 TH Matthew 26:36—46 F Matthew

SLIP SLIPSLIP SLIP - The Eye...Mathias Exner Matt Clay Matt Landis Matt Overstreet Matt Timm Matthew Caron Matthew J. Hanson Matthew Miller Matthew Price Matthew Whalley Matti Rintala

The Gospel of Matthew - Middletown Bible churchmiddletownbiblechurch.org/matthew/mat16_20.pdf · The Gospel of Matthew ... Jesus Predicts His Death and Second Coming (Matthew 16:21-28)

Application Release Automation and Infrastructure Automation · Deployment Automation vs. Puppet for ... Application Release Automation and Infrastructure Automation ... Application

Automation Cloud Digital Repository - Virginia Tech · Cloud Digital Repository Automation Matthew Brockman, Chris Hill Multimedia, Hypertext, and Information Access, CS-4624 Edward

Public Art Network Year in Review 2010 (Part II) · photographer: matthew dominic farley . matthew dominic farley frozen assets. matthew dominic farley frozen assets . matthew dominic

From automation to Silicon Valley - the automation movement Automation to Silicon Valley - The Automation Movement

Project Management and Automation - Blogs | SEA · Project Management and Automation Using Maven and Grunt to accelerate development Matthew Hanlon • SEA Conference • April 7,

Attachment 20 Westinghouse Electric Company …Automation Services WINCISE Signal Processinp_ System Design Requirements LIST OF CONTRIBUTORS Revision Name and Title A Matthew T. Wereb

Automation of Immunofluorescence Assays in a Clinical Laboratory- An Unmet Need Matthew J. McGinniss PhD FACMG Senior Director, Laboratory Operations Prometheus

God’s Mission in Matthew Matthew 23

Illustration: Matthew Cole vy fotolia · W Illustration: Matthew Cole vy fotolia.de. I Illustration: Matthew Cole vy fotolia.de. L Illustration: Matthew Cole vy fotolia.de