Projects/OWASP Zed Attack Proxy Project/Pages/Talks
2014 June 5: International Testing Conference, Tallinn, Estonia
Dan Billing: New Adventures in Security
Learning new skills and experiences is key to developing any career, but in the rapidly changing world of software testing it is particularly necessary. Recently my work has led me to need to develop my security testing skills, but more than that it has opened doors into a whole new world of skills and techniques, and I am still learning more and more.
This track explores how I have approached the problems I have encountered, formulated my learning, and how I have developed an understanding of the key features of security testing in an accessible way.
2014 June 24: Velocity, Santa Clara, CA
James Wickett, Gareth Rushgrove: Battle-tested Code without the Battle - Security Testing and Continuous Integration
Everyone knows that we need to harden our code before it goes into production, but very few actually test for security flaws in their delivery pipeline. We will show a basic continuous delivery pipeline that should be familiar to anyone who has worked with continuous integration, and then proceed to add steps to identify security issues in a typical web application stack.
Attendees will be able to follow along either online or by building the pipeline locally on their own computers. All of the source code will be open source and available for people to use for testing their own applications after the conference. We’ll use a range of open source technology including OWASP ZAP, Gauntlt, Jenkins, Vagrant and more.
2014 June 25: OWASP AppSec EU, Cambridge, UK
Simon Bennetts: ZAP Advanced Features
Exact content still to be decided, but as the title suggests, this will focus on some of the more advanced ZAP features.