What is DefectDojo?



In this to the mat edition of the Exploring Information Security podcast, Greg Anderson joins me to discuss the OWASP project DefectDojo.

Greg (@_GRRegg) is one of three project leads for the OWASP project DefectDojo. The project is an appsec automation and vulnerability management tool. This is something I wish was around when I first started managing vulnerabilities for the development team. It has got a lot of great features including metrics, integration with JIRA, automatic ticket creation, vulnerability de-duping, and of course it allows appsec teams to manage vulnerabilities in development. A demo site is available. It's open-source (as all OWASP projects are). I would recommend anyone having to manage vulnerabilities check this project out.

In this episode we discuss:

  • What is DefectDojo?
  • Why create the project?
  • Why the name?
  • Who should use the tool
  • How to effectively use the tool
