Adding DAST to CI/CD, Without Losing Any Friends

Workshop presented at BSides Las Vegas 2022

by Tanya Br,

Tags: Training Ground

Summary: Everyone wants to put tests into the release pipeline, but no one wants to wait hours for them to finish. In this workshop we will discuss multiple options for adding dynamic application security testing (DAST) to your CI/CD, in ways that won’t compromise speed or results, such as limiting scope, using HAR files, using test subsets, etc. Then we will do it! Learn to set up a CI/CD in GitHub using Actions, create a Bright Sec DAST account, and scan BrokenCrystals.com to find many, many vulnerabilities.