Automated Security Scanning for Your Delivery Pipeline · Matthew Grasberger
W6 Security Testing 2019-05-01 11:30
Automated Security Scanning for Your Delivery Pipeline
Presented by:
Matthew Grasberger Coveros
Brought to you by:
888-268-8770 · 904-278-0524 - [email protected] - http://www.stareast.techwell.com
Matthew Grasberger
Matthew Grasberger is an Associate Consultant at Coveros with a specialty in Test Automation, DevOps Engineering, and Security Automation. Matt has worked with clients to build and develop robust test automation suites that are integrated into DevOps pipelines based on industry leading practices. In addition, Matt has leveraged open source mobile testing frameworks like Appium to create automated tests for Android and iOS devices.
Identify low effort opportunities using free and open-source tools
• Open-source and free tools
• Opportunities in Continuous Delivery and Cloud
GAUNTLT
./sqlmap.py --headers="User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:25.0) Gecko/20100101 Firefox/25.0" \
  --cookie="security=low; PHPSESSID=oikbs8qcic2omf5gnd09kihsm7" \
  -u 'http://localhost/dvwa/vulnerabilities/sqli_blind/?id=1&Submit=Submit#' \
  --level=5 --risk=3 -p id