OWASP Ottawa April 12th 2023: Kanata, GitHub Actions, 3 Friends of OWASP Top 10
Details
This page describes the first of two OWASP Ottawa Meetups in April, held at the Trend office in Kanata. The second will be at our regular location at the University of Ottawa.
Welcome to our in-person Meetup at the Trend Office in Kanata
Before the pandemic we used to meet up every so often in Kanata, at lunch, in the Trend offices among others. This April we are restarting that tradition at the newly renovated Trend office in Kanata.
Trend has renovated their Ottawa location and is keen to show it off, so the evening includes a tour, refreshments (as in beer), and talks.
Trend office Location:
40 Hines Rd.
Trend Signup Page: https://resources.trendmicro.com/owasp-ottawa.html
Live Stream:
We will continue to Live Stream on our YouTube channel.
YouTube Live Stream Link: https://www.youtube.com/watch?v=-c-8URYRpNQ
Note that talks start at 5:00.
| Time | Item |
| ----------- | ---------------- |
| 3:00 - 3:30 | Reception Coffee |
| 3:30 - 4:30 | Welcome & Office Tour |
| 4:30 - 5:00 | Refreshments |
| 5:00 - 5:15 | Trend Micro Welcome and Introductions |
| 5:15 - 5:30 | How to get more from a Cloud-native application protection from One Platform |
| 5:30 - 6:00 | Garth Boyd: Three Friends from the OWASP Top 10 |
| 6:00 - 6:30 | Magno Logan: GitHub Actions 101: Creating a DevSecOps Pipeline |
| 6:30 - 8:00 | Q&A & Networking |
Garth Boyd: Three Friends from the OWASP Top 10
The OWASP Foundation is best known for its flagship project, the "OWASP Top 10". First released in 2003, the project has had several reorganizations and updates as it has reached a global audience. This presentation will briefly talk about OWASP the foundation, and OWASP Top 10 the project. But one hour is insufficient to talk about each element of the top 10. Instead, this presentation focuses on the investigation, lessons learned, and thrills and chills associated with The Three Friends that keep Garth up at night.
Speaker Bio:
Garth Boyd is a Senior Application Security Architect/Cloud Security Architect specializing in Secure Software Architecture and Ethical Hacking. He supports organizations seeking a designer, creator, and breaker to help them on their security path. A lifelong learner who enjoys crafting solutions to interesting and tough problems through architecture, threat modelling, mitigation design, and penetration testing. Researching new ideas, troubleshooting, communication, and thinking of six impossible things before breakfast are part of the journey. Garth is currently the OWASP Ottawa Chapter Leader and an independent consultant working with Mirai.
Magno Logan: GitHub Actions 101: Creating a DevSecOps Pipeline
One of the main tools used in a DevSecOps pipeline is a continuous integration (CI) tool that automates the integration of code changes from multiple developers working on the same project. In 2019, GitHub released its own CI tool, GitHub Actions. According to GitHub, GitHub Actions helps you automate tasks within your software development life cycle, and it has been gaining a lot of adoption from developers.
This talk will demonstrate how GitHub Actions work and show security tools that protect your applications from attackers. First, we'll dive deeply into Actions, the workflow language, and the runners, the servers provided by GitHub to run your Actions. Then, we'll show how to integrate SAST, DAST, and SCA into your pipeline using open source or free tools and nothing but GitHub Actions. We'll set up Actions for each tool to scan our application for security vulnerabilities at every pull request. We'll leverage CodeQL and Semgrep for SAST, OWASP ZAP and Nuclei for DAST, and Dependabot and OWASP Dependency-Check for SCA.
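As an added illustration of the pipeline the talk describes (not code from the talk, the speaker or Trend Micro), here is one workflow that wires the named tools into pull-request checks; the project name, the JavaScript language choice and the staging URL are assumptions, and Dependabot is configured separately because it is not an Action:

```yaml
# .github/workflows/devsecops.yml (constructed example; pin actions to commit SHAs in production)
name: DevSecOps pipeline
on:
  pull_request:
    branches: [main]
permissions:
  contents: read
  security-events: write   # lets CodeQL upload SARIF results to code scanning

jobs:
  sast-codeql:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - uses: github/codeql-action/init@v2
        with:
          languages: javascript   # assumption: the application is JavaScript
      - uses: github/codeql-action/autobuild@v2
      - uses: github/codeql-action/analyze@v2

  sast-semgrep:
    runs-on: ubuntu-latest
    container: returntocorp/semgrep
    steps:
      - uses: actions/checkout@v3
      # --error makes the job (and so the PR check) fail when findings are reported
      - run: semgrep scan --config auto --error

  sca-dependency-check:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - uses: dependency-check/Dependency-Check_Action@main
        with:
          project: my-app   # assumed project name
          path: .
          format: HTML
      # Dependabot is enabled through .github/dependabot.yml, not a workflow step

  dast:
    runs-on: ubuntu-latest
    steps:
      # assumption: the PR build has already been deployed to a staging URL
      - uses: zaproxy/action-baseline@v0.7.0
        with:
          target: https://staging.example.invalid   # placeholder URL
          allow_issue_writing: false   # job has no issues:write permission
      - uses: projectdiscovery/nuclei-action@main
        with:
          target: https://staging.example.invalid   # placeholder URL
```

With `branches: [main]` every pull request into main runs all four jobs, and a failing scan shows up as a failed check on the PR.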
Speaker Bio:
Magno Logan works as an Information Security Specialist for Trend Micro. He specializes in Cloud, Container, and Application Security Research, Threat Modelling, and DevSecOps. In addition, he has been tapped as a resource speaker for numerous security conferences around the globe.