SECurity FUNdamentals

Build More Secure Apps by Harnessing the Power of OWASP SKF & ASVS on Kubernetes


Schedule Not Yet Finalized October 5, 2022 - Feedback     

Bookmark and Share

Farshad Abasi-Jahromi
Kurt Hundeck

Did you know OWASP Application Security Verification Standard (ASVS) can be used as a set of application security requirements? Do you know what the Security Knowledge Framework (SKF) is, and how you can use it to manage your application security requirements and train developers? Are you curious what it takes to deploy a containerized application like SKF into Kubernetes? Do you want to harness the full potential of an open Application Security Verification Standard for a more secure SDLC? This talk will address these questions and more! Discover the power OWASP’s ASVS and SKF running on Kubernetes.

OWASP ASVS is the open application security standard for designing, building, and testing application security controls – and it is baked right into OWASP SKF. During our talk we will highlight the integration between the two projects, show how to start using SKF to learn and manage ASVS requirements, and demo a few relevant SKF Labs.

A Github repo will be released prior to the session with the tools and scripts to setup and deploy OWASP SKF using 1) “minikube” on a single EC2 instance with “terraform” and 2) a complete ‘from scratch’ AWS Kubernetes cluster configuration configured with “kops” and “terraform”.

We believe the OWASP SKF and ASVS projects have a lot of potential, and we hope to foster some additional community attention and contributions.