Past Meetup

Security Regression Testing with ZapAPI and NodeGoat

Details

Don't go to Dimension Data. Thanks Catalyst for providing the room at short notice.

Kim Carter of BinaryMist (http://binarymist.io/) will provide a whirlwind tour of a proof of concept covered in his new book "Holistic Info-Sec for Web Developers" (https://leanpub.com/holistic-infosec-for-web-developers/read#process-agile-development-and-practices-security-regression-testing), which he has since implemented for a large international client.

This hands-on session will show web developers how to use the OWASP ZAP API to discover many vulnerabilities in their web applications as they are creating them, rather than at the end of the project.

This is essentially like having a full-time penetration tester on your development team, continuously security regression testing your product in a CI or nightly build as it's being developed, for a very minimal set-up cost.

GitHub source (https://github.com/binarymist/NodeGoat/wiki/Security-Regression-Testing-with-Zap-API)

Teaser: https://youtu.be/DrwXUOJWMoo

#############################################

In order to participate in this session, you'll need a computer that has one of the following. From most preferred to least:

1. VirtualBox installed to run a vbox image (That's a VirtualBox VM)
2. Some virtualisation software installed that can create a VM with the supplied vmdk disk image
3. Be prepared to set up all components from scratch using (https://github.com/binarymist/NodeGoat) and (https://github.com/binarymist/NodeGoat/wiki/Security-Regression-Testing-with-Zap-API). This generally has a few unexpected hurdles that trip many up.

I'll be passing a VM around via an NTFS-formatted (for files over 4GB) USB stick. Please also bring some USB sticks that can carry the large files (8.1GB, so a 16GB stick is needed) to help propagate them amongst your pairs, so we can get up and running as quickly as possible.

Look forward to seeing everyone there :-)