2:00-2:50 PM - TRACK 4, ROOM 1700
BUILD MORE SECURE APPS BY HARNESSING THE POWER OF OWASP SKF & ASVS ON KUBERNETES
"Did you know OWASP Application Security Verification Standard (ASVS) can be used as a set of application security requirements? Do you know what the Security Knowledge Framework (SKF) is, and how you can use it to manage your application security requirements and train developers? Are you curious what it takes to deploy a containerized application like SKF into Kubernetes? Do you want to harness the full potential of an open ASVS for a more secure SDLC? This talk will address these questions and more! Discover the power of OWASP’s ASVS and SKF running on Kubernetes.
OWASP ASVS is the open application security standard for designing, building, and testing application security controls – and it is baked right into OWASP SKF. During our talk we will highlight the integration between the two projects, show how to start using SKF to learn and manage ASVS requirements, and demo a few relevant SKF Labs.
A GitHub repo will be released prior to the session with the tools and scripts to set up and deploy OWASP SKF using 1) “minikube” on a single EC2 instance with “terraform” and 2) a complete ‘from scratch’ AWS Kubernetes cluster configuration configured with “kops” and “terraform”.
We believe the OWASP SKF and ASVS projects have a lot of potential, and we hope to foster some additional community attention and contributions."
Farshad Abasi is an innovative technologist with over twenty-four years of experience in software design and development, network and system architecture, cybersecurity, management, and technical instruction. With a keen interest in security from the start, he has become an expert in that aspect of computing and communication over the last twenty years. He started Forward Security in 2018, with a mission to provide world-class information security services, particularly in the Application and Cloud security domains. Prior to creating Forward, he was a senior member of HSBC Group's IT Security team, with the most recent positions being the Principal Global Security Architect and Head of IT Security of the Canadian division. Farshad is continuing an eighteen-year stint as an instructor at BCIT, where he shares his passion for information and network security, helping others build a career in this exciting field. He is also the security correspondent for CFAX radio, BSides Vancouver/MARS board member, Vancouver OWASP chapter lead, a CISSP designate, and a UBC CS alumnus.