OWASP DefectDojo - The Heart of your AppSec Automation

OWASP Switzerland brings you another high profile talk directly from the source. Defect Dojo project leads Aaron Weaver and Matt Tesauro as well as contributor/moderator Fred Blaise will initiate us into the magic of Defect Dojo. Abstract You’re tasked with ‘doing AppSec’ for your company and you’ve got more apps and issues than you know how to deal with. How do you make sense of the different tools outputs for all your different apps? DefectDojo can be your one source of truth and become the heart of your AppSec automation program. DefectDojo grew out of a Product Security program 8 years ago and was created by AppSec people for AppSec people. In this talk, you’ll learn about DefectDojo and how to make the most of the many features it offers including its REST-based API. DefectDojo can be your one source of truth for discovered security vulnerabilities, report generation, aggregation of over 80 different security tools, inventory of applications, tracking testing efforts and metrics on the AppSec program. DefectDojo was the heart of an AppSec automation effort that saw an increase in assessments from 44 to 414 in two years. Don't you want 9.4 times more output from your AppSec program? It's time to ditch spreadsheets and get DefectDojo. You can find more about Defect Dojo on their website: https://www.defectdojo.org/ Our speakers for this talk are: * Matt Tesauro: Project Lead DefectDojo. * Fred Blaise: Moderator DefectDojo. As he lives in Switzerland, we can consider him the “local branch of DefectDojo” ;-) Recorded: 2021-04-14 Slides: https://github.com/OWASP/www-chapter-switzerland/blob/master/assets/slides/20210414%20DefectDojo%20-%20Matt%20Tesauro%20%26%20Fred%20Blaise.pdf Chapter page: https://owasp.org/www-chapter-switzerland/ Upcoming events: https://www.meetup.com/de-DE/OWASPSwitzerland/