GraphQL + Security tutorial with nodegoat

Hosted By
Jacob D. and Kevin I.
Details

George will be talking about GraphQL - what it is, why you should use it, and how to get up and running with it.

After that, Kim Carter will show you how you can leverage the abilities of the OWASP ZAP API to discover many vulnerabilities in your web application as you are creating it, rather than at the end of the project.

This is essentially like having a full-time penetration tester on your development team, continuously security regression testing your product in a CI or nightly build as it's being developed, for a very minimal set-up cost.

GitHub source

YouTube Teaser

If you want to follow along with the tutorial, you'll need a computer that has one or more of the following. From most preferred to least:

  1. VirtualBox installed to run a vbox image (That's a VirtualBox VM)

  2. Some virtualisation software installed that can create a VM with the supplied vmdk disk image

  3. Be prepared to set up all components from scratch using https://github.com/binarymist/NodeGoat and https://github.com/binarymist/NodeGoat/wiki/Security-Regression-Testing-with-Zap-API

This generally has a few unexpected hurdles that trip many up. I'll be passing a VM around via an NTFS-formatted (for files over 4GB) USB stick. Please also bring some USB sticks that can carry the large files to help propagate amongst your pairs, so we can get up and running as quickly as possible.

AkJS Node.js Meetup
Paymark
Level 2, 162 Victoria Street West · Auckland