An Automated AppSec Pipeline with Docker and Serverless

Modern Security Series by Signal Sciences

April 25, 2017

The Modern Security Series by Signal Sciences brings the best technologists around to present on modern security practices and approaches ranging from AppSec to DevOps.

Come each month and enjoy a fun and friendly presentation by some of the world’s foremost experts on topics that are shaping our industry for the future.

An Automated AppSec Pipeline with Docker and Serverless

Aaron Weaver (Application Security Manager, Cengage Learning) and Matt Tesauro (Senior Technical Project Engineer, OWASP Foundation)

This month, we’ve got Aaron Weaver and Matt Tesauro on Signal Sciences’ modern security series! They will share statistics and findings from previous JavaScript and npm projects.

Aaron Weaver is the Application Security Manager at Cengage Learning. Prior to that he was at Protiviti where he built out their secure coding practice. Aaron has managed application security programs at large organizations and leads OWASP Philadelphia. Aaron speaks frequently at OWASP, AppSec USA/EU, Infragard, ISSA, ISACA, IIA and Velocity. When he has time Aaron likes to make sawdust in his workshop.

Matt Tesauro is currently working full-time for the OWASP Foundation, adding automation and awesome to OWASP projects. Previously, he was a founder and CTO of Infinitiv, a Senior Software Security Engineer at Pearson and the Senior Product Security Engineer at Rackspace. He is also an Adjunct Professor for the University of Texas Computer Science department teaching the next generation of CS students about Application Security. Matt is a broadly experienced information security professional of 15 years specializing in application and cloud security. He is a former board member of the OWASP Foundation and project lead for OWASP AppSec Pipeline & WTE projects. He holds two degrees from Texas A&M University and several security and Linux certifications.

Brief Overview of This Month’s Modern Security Episode

Any optimization outside the critical constraint is an illusion. In application security, the size of the security team is always the most scarce resource. The best way to optimize the security team is automation. This presentation will provide an overview of key application security automation principles and practices for creating an Application Security Pipeline augmented with automation.

With the rise of Docker and serverless patterns, there is a whole new suite of tools available to the pipeline builder. We show you how to get started automating application security tooling and reporting using these new patterns.

Fill out the form to get registered for the upcoming talk on Tuesday, April 25th, 2017. Can’t make it? Sign up anyway and get a copy of the recording after the talk!
