OWASP Purpleteam with Kim Carter
How do you test the security of your applications? Carl and Richard chat with Kim Carter about purpleteam, an open-source library for testing web applications as part of your CI/CD pipeline. Kim talks about OWASP in general and yes, SQL injection (and injection in general) is still the number one security risk - but there are plenty more. Don't be an easy victim; start making security testing part of your build and deployment process!
Guests:
Kim Carter
Technologist / Engineer, Information Security Professional, Entrepreneur, founder of BinaryMist Ltd, founder of purpleteam-labs, OWASP NZ Chapter Leader, Certified Scrum Master. Facilitator, mentor and motivator of cross-functional, self-managing teams. With a solid 20 years of commercial industry experience across many domains, Kim enjoys teaching others how to apply information security to their Agile processes, bringing the security focus up front where it's the cheapest to implement, increasing profit while reducing costs and controlling technical debt. Organiser of two information security conferences (OWASP NZ Day and Christchurch Hacker Con), international trainer, speaker and published author.
Links:
- Blazor Virtualization https://docs.microsoft.com/en-us/aspnet/core/blazor/components/virtualization?view=aspnetcore-5.0
- OWASP Top Ten https://owasp.org/www-project-top-ten/
- Purpleteam https://purpleteam-labs.com/
- OWASP ZAP https://owasp.org/www-project-zap/
- Selenium https://www.selenium.dev/
- Terraform https://www.terraform.io/
- Burp Suite https://portswigger.net/burp