Omaha OWASP Dec 2016

Preview:

Click to see full reader

Citation preview

SWAMPs in the cloud and ground

Andrew Freeborn

• The SWAMP• What’s it like in the cloud?• Can I have a SWAMP in a box?• Demo!

Agenda

Andrew Freeborn
Stuff

• Software Assurance Marketplace• https://www.mir-swamp.org/• Scans C, C++, Java, Ruby, Python, Android

apps, and more!• Checks source code for problems and gives

you a report with a variety of tools• FREE

The SWAMP

https://www.mir-swamp.org/

• The SWAMP in the cloud has lots of capability to scan all kinds of packages you want

• Performs decently with short wait times• You can have your application scanned on

various platforms like Red Hat, Ubuntu, etc• Lots of tools available such as gcc, Clang,

and linters

The SWAMP cloud

• Now you can have the SWAMP on-premise• https://continuousassurance.org/swamp-in-a-

box/• Minimum: 12GB RAM, 256GB HD, 4 cores• Not all tools are available, but you still get

Code Dx• You can tune the SWAMP to your specific use

cases, but then you have to manage things• Still free

SWAMP in a box

https://continuousassurance.org/swamp-in-a-box/
https://continuousassurance.org/swamp-in-a-box/

• SWAMP• https://www.mir-swamp.org

DEMO

https://www.mir-swamp.org/

• vivirytech@gmail.com• https://vivirytech.blogspot.com• Twitter: @vivirytech

Thanks!

mailto:andrew242@gmail.com
https://vivirytech.blogspot.com/

Recommended

The OWASP Foundation OWASP Top 10 2010 Kuai Hinojosa Software Security Consultant at Cigital OWASP Global Education Committee OWASP
Documents
Proactive Web Application Defenses. Jim Manico @manicode – OWASP Volunteer Global OWASP Board Member Global OWASP Board Member OWASP Cheat-Sheet Series
Documents
The OWASP Foundation OWASP Busting Frame Busting
Documents
OWASP Joomla! Vulnerability Scanner - OWASP-MY
Documents
OWASP Israel Dec 2009 Meeting
Documents
OWASP Bangalore : OWTF demo : 13 Dec 2014
Technology
Oct/Nov/Dec 09 - B2B Omaha Magazine
Documents
Omaha Soaring Club | Omaha Soaring Club
Documents
OWASP Day - OWASP Day - Lets secure!
Internet
OWASP @ ISCTE-IUL, OWASP Top 10 2010
Technology
The OWASP Foundation OWASP Global Update Seba Deleersnyder OWASP Foundation Board Member
Documents
OWASP Education OWASP Global Summit Portugal 2011
Documents
Getting benefits of OWASP ASVS at initial phases · •OWASP Testing Guide •OSSTMM •... OWASP ASVS •PCI DSS mapping •MITRE CWE •OWASP Top 10 •… 11 From PCI DSS to OWASP
Documents
OWASP 2013 APPSEC USA Talk - OWASP ZAP
Technology
OWASP Belgium Chapter Meeting - Brussels - 8 May 2006 - 1 OWASP Update - Open … · 2006/5/8  · OWASP 8 OWASP?
Documents
OWASP – Top 10 · • OWASP Code Review Guide • OWASP Testing Guide • OWASP Top Ten Project . OWASP – TOP 10 • OWASP Top 10 Web Application Security Risks for 2010 are:
Documents
Omaha / ‘omaha’ : networks and alliance Draft 1995 Æ Draft 2008 ...intersci.ss.uci.edu/wiki/pw/OMAHA1White_Tortorice_Thompson.pdf · Omaha / ‘omaha’ : networks and alliance
Documents
OWASP @ ISCTE-IUL - OWASP Top 10 (v2010)
Technology
Owasp Top 10 - Owasp Pune Chapter - January 2008
Technology
Mobile security, OWASP Mobile Top 10, OWASP Seraphimdroid
Software