Hacker Days: Integrating Automated Security Checks into the CI/CD Pipeline
Details
We are thrilled to announce a hands-on Hacker Days session, courtesy of our hosts, Akto.io. We also thank them for arranging the food and drinks.
Topic: Integrating Automated Security Checks into the CI/CD Pipeline for DevSecOps
This workshop will equip participants with the knowledge and hands-on skills to integrate Static (SAST), Dynamic (DAST) and Interactive (IAST) Application Security Testing into their GitHub-based DevSecOps pipelines.
Pre-requisites:
A GitHub account.
Basic understanding of application security.
Attendees are required to bring their laptops with internet connectivity.
Agenda:
Introduction (15 minutes)
The DevSecOps paradigm and its importance.
Understanding GitHub Actions.
The relevance of SAST and DAST in the CI/CD pipeline.
Overview of GitHub Actions for CI/CD (10 minutes)
Basic components: workflows, runners, actions.
Demonstration: A simple CI pipeline with GitHub Actions.
Hands-on: Integrating SAST with GitHub Actions (20 minutes)
Introduction to Static Application Security Testing.
Popular SAST tools and choosing one for demonstration.
Hands-on activity:
a. Setting up the SAST tool on a sample GitHub repository.
b. Writing a GitHub Actions workflow to automate SAST scans on every pull request or push.
c. Analyzing and understanding the SAST report in the GitHub interface.
Hands-on: Integrating DAST and IAST with GitHub Actions (60 minutes)
Introduction to Dynamic Application Security Testing and Interactive Application Security Testing.
Common DAST and IAST tools suitable for CI/CD integration.
Hands-on activity:
a. Setting up a test environment (ideally a deployed version of the app).
b. Configuring the DAST tool to scan the deployed application.
c. Writing a GitHub Actions workflow to trigger DAST scans post-deployment.
d. Analyzing and responding to DAST findings within GitHub.
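As an added illustration of steps b–d (not part of the workshop material), the workflow below runs a DAST scan only after a deployment has reported success, which is the "post-deployment" trigger step c asks for. It assumes the DAST tool is the OWASP ZAP baseline action and that the deployment provider populates `environment_url` on the deployment status event; the fallback staging URL and the action version tag are placeholders to replace with your own values. The ZAP action files its findings as a GitHub issue, which is where step d takes place.

```yaml
# Added example, not from the workshop: OWASP ZAP baseline scan triggered after
# a successful deployment. Save as .github/workflows/dast-post-deploy.yml
name: dast-post-deploy

on:
  deployment_status:   # fires whenever a deployment's status changes

permissions:
  contents: read
  issues: write        # the ZAP action opens/updates an issue with the findings

jobs:
  zap-baseline:
    # Run only once the deployment actually succeeded, not on pending/failure
    if: github.event.deployment_status.state == 'success'
    runs-on: ubuntu-latest
    steps:
      - uses: zaproxy/action-baseline@v0.12.0   # placeholder tag: pin to a current release
        with:
          # Assumption: the deployment provider sets environment_url; the
          # fallback below is a constructed placeholder, not a real target.
          target: ${{ github.event.deployment_status.environment_url || 'https://staging.example.invalid' }}
          cmd_options: '-a'     # also run alpha passive-scan rules
          fail_action: true     # fail the job when any WARN/FAIL rule triggers
          # Optional: a rules file lets you set IGNORE/WARN/FAIL per rule id,
          # which is how teams tune out accepted findings over time.
          # rules_file_name: .zap/rules.tsv
```

The baseline scan is passive (it spiders the site and inspects responses without sending attack payloads), which makes it safe to run against a shared staging environment on every deploy; the active scan is a separate action and needs a dedicated, disposable environment.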
What's in it for Participants?
Skill Enhancement: Mastery of integrating key security tools within the popular GitHub Actions CI/CD framework.
Hands-on Experience: Directly apply workshop teachings to real-world scenarios.
Collaboration: Network and collaborate with peers facing similar challenges.
Speaker Bios:
Ankush Jain: Ankush is the co-founder and CTO of Akto (https://www.akto.io), the open-source API security product. Prior to starting Akto he worked at CleverTap as VP of Engineering. He also worked for five years as a quant at Morgan Stanley. He holds a Bachelor of Technology from IIT Bombay and is a speaker at Black Hat and Defcon.
Ankita Gupta: Ankita is the co-founder and CEO of Akto.io, the open-source API security product. Prior to Akto she worked at VMware, LinkedIn and JP Morgan. She holds an MBA from Dartmouth College and a Bachelor of Technology from IIT Roorkee, and is a speaker at Black Hat and Defcon.
