Floating the goat: How to use DevSecOps to secure OWASP WebGoat

Thinking you know what DevSecOps is differs entirely from actually incorporating DevSecOps into a CI/CD pipeline and using it on a daily basis. Figuring out where and how to start building out a CI/CD pipeline can also be daunting. Using an intentionally vulnerable web application like OWASP WebGoat as a starting point to automatically scan for, find, and resolve vulnerabilities is an excellent way to learn about web application security, AWS and cloud security, open source tools, and DevSecOps. In this talk we plan to define requirements, threat model the architecture, create an AWS account to set up a development environment and use different tools, build and then test code, automate and monitor the pipeline, and then continuously improve the pipeline.


Our Speakers

Tanya Janca

Founder of We Hack Purple + Head of Education and Community


Chloe Potsklan

Cyber Security Engineer