What we're about

An OWASP Project; The OWASP DevSlop Show invites infosec and DevSecOps practitioners to teach us something new!

Project Team: Nancy Gariché, Nicole Becher, Franziska Buehler and Tanya Janca.

Upcoming events (2)

How to Implement an Effective Cloud Resource Tagging Strategy Using IaC

Cloud service providers allow users to assign metadata to their cloud resources in the form of tags. Each tag is a simple label consisting of a customer-defined key and a value that can make it easier to manage, search for, and filter resources. Although there are no inherent types of tags, they enable customers to categorize resources by purpose, owner, environment, or other criteria.

Tags can be used for security, cost allocation, automation, console organization, access control, and operations.

On this show, we will review a new way to automate tags attribution in your CI/CD pipeline and AWS. We will also take a look at a new open-source tool to help us implement tagging best practices.


Barak Schoster (@BarakSchoster) is a Sr Dir, Chief Architect at Palo Alto Networks, working to make cloud security and DevOps processes simpler.

Barak is an open-source enthusiast based in Tel Aviv, creator of the open-source projects Checkov, AirIAM, Terragoat, and contributor to other open-source projects.

Previously, Barak was the CTO and Co-Founder of Bridgecrew (acquired by Palo Alto Networks) and held various engineering and leadership roles at RSA, Fortscale, and IDF C4I & Cyber Security Directorate.

Workshop: Exploring Policy as Code for Cloud Infrastructure

How do you check for security requirements while you build your cloud

In this workshop, we'll walk through how to use policy as code to
deliver and release an immutable machine image with security in mind.

Learn to use static analysis to check provisioning scripts for security requirements. Then, you'll construct a secure image with Packer. Finally, you'll create a test server with Terraform and dynamically analyze the server runtime for vulnerabilities.

Bring your own machine and make sure you install the prerequisites listed at https://github.com/tracypholmes/policy-as-code-workshop

OUR INSTRUCTORS: Tracy P Holmes & Rosemary Wang

Tracy P Holmes is a self-proclaimed "jackie of all trades" (and mistress of being herself). Tracy has experienced both sides of HashiCorp’s Terraform - as a Software Engineer and now a Developer Advocate. When she isn't speaking or levelling up her programming skills to make the Terraform ecosystem even better, she likes baking, volunteering, hanging with her pup, and reading mysteries. She is a strong believer that open source is like gardening - pay attention to your conditions, and water only when needed.

Rosemary Wang is a developer advocate at HashiCorp. She has a fascination for solving intractable problems with code, whether it be helping an infrastructure engineer learn to code or an application developer troubleshoot infrastructure failures. Besides coding and writing, Rosemary has spoken and run workshops at Grace Hopper Celebration, O’Reilly Software Architecture and Velocity, Women
Who Code events, and more. For her technical and speaker portfolio, check out https://joatmon08.github.io/.

Past events (66)

Hunting for IDORs with Katie Paxton-Fear

Online event

Photos (109)