28. What does ZAP do?
● Inspects requests and responses
● Runs passive scan rules:
○ Cookie misconfiguration
○ Security HTTP headers
○ Mixed content
○ And many more
52. Let’s use Docker
● Tweek is designed as a multi-container app
● Every microservice has an official Docker image
● Tweek uses Docker-native CI (Codefresh)
● Test suites also run as Docker containers
● ZAP has an official Docker image
Thank you for having me
Are you running tests in your CI? How? Why? Can it be easy?
Who heard about the breach?
Who hasn't heard about the breach?
It will happen to you
Run tests in CI
What are security tests – tests that can test your code – and how we did it
Talk about what OWASP is: a non-profit, wide-reaching and popular
Say this is a hacking tool; I'll explain in a minute how
I’m going to show the manual approach
Add Tweek Postman
2015
False positive filtering
Glue eases integration of security tools into CI
How?
Glue can take many security tools
<click>
This is just a sample; more than 15 are already supported
And lets you define filters <click> and reporters <click>
Filters let you filter the issues raised by the tool; reporters control how you visualize them
So you can write your own filters and reporters, and they will apply to any new security tool that you add to Glue
Add failure/success
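Running ZAP as one more container in the pipeline (slide 52) and the notes above on Glue filters and reporters come down to the same step: read the report the scanner container wrote, drop the findings you have decided are false positives, and turn what is left into a pass/fail exit code for the CI job. The script below is an added example written for this page, not code from the talk, Tweek, ZAP or Glue. It assumes the JSON report layout ZAP writes (for instance from `zap-baseline.py -t http://tweek-api:8080 -J report.json` run inside the ZAP Docker image); the plugin ids, host name and paths in the constructed sample report are illustrative, and the suppression rules are assumptions made up for the example.

```python
"""CI gate for an OWASP ZAP JSON report with Glue-style filters and reporters."""
import json
import re
import sys

# Constructed sample in the shape of the report `zap-baseline.py -J` writes
# (assumption: ZAP's JSON layout; plugin ids, host and paths are illustrative).
SAMPLE_REPORT = {"site": [{"@name": "http://tweek-api:8080", "alerts": [
    {"pluginid": "10021", "alert": "X-Content-Type-Options Header Missing",
     "riskcode": "1", "confidence": "2", "instances": [
         {"uri": "http://tweek-api:8080/health", "method": "GET"},
         {"uri": "http://tweek-api:8080/api/v2/values/a", "method": "GET"}]},
    {"pluginid": "10010", "alert": "Cookie No HttpOnly Flag",
     "riskcode": "1", "confidence": "2", "instances": [
         {"uri": "http://tweek-api:8080/login", "method": "POST"}]},
    {"pluginid": "10038", "alert": "Content Security Policy (CSP) Header Not Set",
     "riskcode": "2", "confidence": "3", "instances": [
         {"uri": "http://tweek-api:8080/api/v2/values/a", "method": "GET"}]},
    {"pluginid": "10040", "alert": "Secure Pages Include Mixed Content",
     "riskcode": "2", "confidence": "2", "instances": [
         {"uri": "http://tweek-api:8080/editor", "method": "GET"}]},
]}]}

RISK_NAMES = {0: "Informational", 1: "Low", 2: "Medium", 3: "High"}


def flatten(report):
    """One finding dict per (alert, instance): ZAP groups instances under an
    alert, but suppressions are decided per URL.  Any tool whose output is
    normalised to this shape can reuse the filters and reporters (Glue's idea)."""
    findings = []
    for site in report.get("site", []):
        for alert in site.get("alerts", []):
            for inst in alert.get("instances", []):
                findings.append({
                    "pluginid": alert["pluginid"], "alert": alert["alert"],
                    "risk": int(alert["riskcode"]),
                    "confidence": int(alert.get("confidence", "0")),
                    "uri": inst.get("uri", ""), "method": inst.get("method", "")})
    return findings


def suppression_filter(rules):
    """Drop known false positives.  rules: (pluginid, uri_regex) pairs; a finding
    is dropped only when both match, so one suppression never silences the same
    rule on other endpoints."""
    compiled = [(pid, re.compile(pattern)) for pid, pattern in rules]
    return lambda f: not any(f["pluginid"] == pid and rx.search(f["uri"])
                             for pid, rx in compiled)


def min_confidence_filter(min_conf):
    """Drop findings ZAP itself rates below min_conf (1 = Low .. 3 = High)."""
    return lambda f: f["confidence"] >= min_conf


def apply_filters(findings, filters):
    """A finding survives only if every filter keeps it."""
    return [f for f in findings if all(flt(f) for flt in filters)]


def text_reporter(findings):
    """Reporter: one line per finding, highest risk first."""
    ordered = sorted(findings, key=lambda f: (-f["risk"], f["pluginid"], f["uri"]))
    return ["[%s] %s %s: %s %s" % (RISK_NAMES[f["risk"]], f["pluginid"],
                                   f["alert"], f["method"], f["uri"]) for f in ordered]


def gate(report, filters, fail_at_risk=2):
    """Return (passed, remaining).  The job fails when a surviving finding is at
    or above fail_at_risk (2 = Medium); Low/Info findings are shown, not fatal."""
    remaining = apply_filters(flatten(report), filters)
    return all(f["risk"] < fail_at_risk for f in remaining), remaining


if __name__ == "__main__":
    # Usage: python zap_gate.py report.json   (no argument: the sample above)
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            report = json.load(fh)
    else:
        report = SAMPLE_REPORT
    ci_filters = [
        # /health is a plain-text liveness probe; the missing header there is
        # an accepted false positive (assumption for the example).
        suppression_filter([("10021", r"/health$")]),
        min_confidence_filter(2),
    ]
    ok, remaining = gate(report, ci_filters)
    print("\n".join(text_reporter(remaining)))
    print("PASS" if ok else "FAIL")
    sys.exit(0 if ok else 1)
```

The suppression is keyed on plugin id and a URL regex together, so accepting a false positive on one endpoint does not hide the same rule when it fires elsewhere, and the exit code is what the CI step (Codefresh or any other) turns into the red/green result; the Medium threshold is a starting point, and a team that has cleared its backlog can lower it to Low.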
Add atomic pitria
July 29
names, social security numbers, birth dates, home addresses, and in some cases, driving license information.
143 million Americans are said to be affected – half of the US