Wise Fox Security
New Zealand
Joined 4 Jun 2019
Making Security Simple
From DevOps to DevSecOps - OWASP NZ Day 2023
Are you struggling to balance security and agility in your organization? Join my talk on Implementing DevSecOps to learn practical tips and best practices for integrating security into your DevOps pipeline. Transform your organization's security posture and drive innovation with confidence.
In today's rapidly evolving threat landscape, it's critical to integrate security into every stage of the development lifecycle. However, traditional security approaches can hinder agility and innovation. This is where DevSecOps comes in, providing a framework for building security into the DevOps pipeline. In this talk, I will share practical tips and best practices for implementing DevSecOps in your organization, including how to integrate security as code, use automated security tools, and conduct regular testing and reviews. Join me to learn how to transform your organization's security posture and drive innovation with confidence. Don't miss out on this essential topic for any modern organization. I am covering the following topics in this talk:
- What is DevSecOps and its benefits?
- Importance of security in DevOps
- Challenges while implementing DevSecOps
- How to overcome such challenges
- Integrating Security into DevOps Processes
- Best Practices for Implementing DevSecOps and more
Views: 563
Videos
OWASP NZ 22 - Building Your First DevSecOps Pipeline
8K views, 1 year ago
Abstract I am sure all of you have heard about "Shift Left Security" in many presentations, but how do you actually achieve this? Well, this is the talk for you - where I'll cover all the DevSecOps buzzwords and showcase a functional DevSecOps pipeline that can perform security testing such as SCA, SAST, and DAST. Description In this talk I'll cover how to build your first DevSecOps pipeline wi...
Setting Up Your DevSecOps Lab with GitLab
1.3K views, 2 years ago
In this video I'll show you how to set up your own DevSecOps lab for free with GitLab so you can test your CI/CD pipelines and your security tooling. This video covers: - How to set up your first GitLab project - How to set up, install and register your own GitLab Runner - How to run a simple pipeline to ensure everything that you set up is running as desired. Hope you find this video useful and if...
Mystikcon 2021 - Creating Your First DevSecOps Pipeline with Open Source Tools
1.8K views, 2 years ago
This year at Mystikcon 2021 we presented on how to create your first DevSecOps pipeline with Open Source Tooling. This talk will cover all the theory and practical aspects of how to implement security tools and what you can expect from such pipelines and tooling once it is in place. I hope you enjoy this talk and learn something new. If you have any questions please feel free to comment or twee...
Android Application Pentesting - Mystikcon 2020
67K views, 3 years ago
I had the opportunity to present at Mystikcon in December 2020 on Android Application Pentesting. In this talk I cover all the basic components of an Android app and then talk about Static and Dynamic Analysis (with demos). I hope you find this video useful and please feel free to comment if you have any questions related to Android App Pentesting. My Twitter: _R00T_ Disclaimer: This...
Offensive Security Web Expert (OSWE) - Journey & Review
11K views, 3 years ago
In this video I'd like to share my journey to AWAE/OSWE course and exam with you. I spent 6 - 8 months preparing for the exam and managed to pass it last month. I tried to answer most of the questions that people have asked me over the past month or so in this video. If you have any further questions, please feel free to post them in the comments section and I'd answer them. Follow me on Twitter...
Android Application Pentesting Course
1.3K views, 4 years ago
I am starting a new UA-cam series on Android pentesting. My aim is to cover all of the latest attacks and defenses that can help you make your Android apps more secure. I'll be covering the series from both perspectives, pentesters and developers. I hope you enjoy the contents and if so please subscribe to my UA-cam channel and share these videos. My Twitter: _R00T_ Disclaimer: Thes...
Offensive Security's OSCP Certificate - My Journey & Review
10K views, 4 years ago
In this video I'd like to talk about my journey to OSCP certificate. This was such a milestone in my career when I obtained this certificate a couple of years ago. In this video I will share my tips to prepare for OSCP and I hope you find this video useful. Follow me on Twitter: _R00T_ And please subscribe to my UA-cam channel if you'd like to see more information security related videos. Offensi...
eLearnSecurity's eWPTX Certificate Story/Review
4K views, 5 years ago
Hello everyone, here is my review of eLearnSecurity's Web Application Penetration Testing Extreme Course. eLearnSecurity's Website: www.elearnsecurity.com/ Course Details: www.elearnsecurity.com/course/penetration_testing_extreme Please subscribe to the channel for lots more web application and mobile application pentesting related videos :) Follow me on Twitter: @_R00T_
Hello World
276 views, 5 years ago
Welcome to my channel everyone. This is the first video of the channel and I'd like to give you a quick intro through this video about what you can expect from this channel.
Good video
720p video, poor screencast video'd into video, and no materials shared. 10/10
Make so many videos for this 👩💻
MOBSF Rules! Love that now there's a Docker image.
It's ok but it produces lots of False positives.
Are there opportunities after the OSWE? How easy is it to get a job?
🙏
hello, can you share the repo?
great
Thanks so much for the explanation on how the pipeline works. Do you train on DevSecOps? I mean 1-2-1 training. Please let me know your thoughts. Thank you
Glad you found it useful. And yes we do one on one trainings. For more information please email training@thewisefox.co.nz
I don't know how to say thank you man, pls we need more videos in Static Analysis
This is excellent... I'm in the middle of a bug bounty that requires some Android pentesting knowledge. The video really helped.
this is really the video I was looking for, thank you very much. I saw that you were not very active anymore but thanks for teaching me all this.
I had adb on my android device, and it went completely over my head to use it on the linux. I was trying to tunnel my tcp traffic, which is not nearly as fluid as that. 😅 I feel so silly - thank you for the reminder & useful information 🙌✨
Haha yes the ADB way is easier. I have tried TCP tunneling in the past but never got used to it for some reasons haha
@WiseFoxSecurity ADB doesn’t require you to make so many configurations and changes to your network to get the outcome of which you’re looking compared to TCP tunneling. I’m sure there’s benefits to it that I’m too ignorant to understand, at this point, that I’m missing out on, but ADB is a brilliant option. Not sure if you’ve used it, and would be curious on your opinion of NordVPN Meshnet?
Hi, thanks for your best tutorial. Just teach more on real applications, like applications that have DexGuard where we can't read their code
Please go ahead
Awesome road maps for implementation
Nice job
Thank you for your detailed review . I just finished OSCP,I am planning to do some study prep on understanding the basics of the languages required then I will sign up for the course . Appreciate your time putting this together !
Can you please tell me how can i download any application apk if want to perform the pentesting on that apk.
Thanks for your information ..
Thank you for your sharing. Can you share the slide ?
where can i find the YML files used here?
Pls make. Video on how to bypass any login in Android apk. Thnk u☺️
Awesome and Thank you so much from Pakistan. Amazing quality content
Dear, thanks for your session, I followed the same steps and it went well. But I got stuck at one point: my pipeline status is always showing pending after committing a sample .yaml file that you have shown in the demo. It would be great if you can help me out on this issue.
04:00 APK 05:38 manifest 06:37 classes.dex 07:12 res 07:43 META-INF 09:19 demo, unzip 10:55 apk decompilation, jadx, static analysis, mobsf 14:05 apktool 17:22 MOBSF, docker container, drag n drop, false positive 21:20 hardcoded credentials 23:26 classes.dex, jd-gui, jar file 26:12 Activities 28:17 implicit intent 30:05 broadcast receivers 31:35 services 32:10 content provider 33:41 dynamic analysis 34:56 frida, drozer, RMS, objection 35:55 frida, ssl pinning, aws keys on the fly, genymotion 38:38 frida set up 40:00 dynamic analysis 43:10 all running processes, packages
Underrated comment
best video for me, When can we expect the series for it + You are a great teacher 👍
The best video in my week Thanks alot 😘
Hello sir, I really like your video. i would like to offer cooperation. can i contact you by email, and please give me an email address i can contact you?
does this work on app built with reactNative?
or only java?
23:55 I don't understand what do you mean by "try harder" in the context of the question?
thanks!
plz make a video on mob sf installation on kali Linux and windows
Where are the APK you mentioned to download for practice?
Possible to change the code and recompile the apk? I want to bypass an sms verification
54:58 Approach Install app in emulator such as Static analysis, hardcoded key/secrets using tools such as mobsf Dynamic analysis, Use Frida
I have a query...Is the lab access needed to practice because I only have video access and lab access is not affordable
Great video bro, best wishes.
Thank you! Hope you found it useful 😊
Firstly, thanks a lot for this content. It motivates many of us to play with pipelines. Secondly, cant say this for everyone but I would like to know more and more on the secops tooling.
Sure thing mate. I'll be posting more videos on this topic 😊
Sir please make full video in PIVAA practical..
what check should we implement to prevent the password hack ?
great talks for n00bs ❤️🔥
I want be your course bro
can you pls tell me where I can find all links of your "some useful links" slide?
54:00 he did mention it on the video
thank you so much, this video has opened my way to android pentesting
Wow this comment made my day. I am so glad that you found this video useful. I'll upload more videos soon. Happy holidays everyone!!
@WiseFoxSecurity Real useful, android pentesting was always mysterious to me, after this, then my plan for 2022 is to go for android pen testing, I have already subscribed to your channel and whoever asks me about android hacking I will recommend your channel, keep up great video. thank you for your free knowledge, waiting for more
Thanks for this tutorial
in some apps ssl bypassed failed to get request so what we can do more ?
Hi, can anyone please recommend a good mobile hacking course or certification for iOS and Android applications? Thanks!!!