From Code to Cloud: Securing the Stack with Open-Source Tools
2024-12-14, Workshop Room 3

Open-source tools offer a powerful, cost-effective solution for securing modern applications from development through deployment. This workshop will walk through key tools that help protect your entire stack—from securing your codebase, to monitoring cloud environments, and automating vulnerability detection. We’ll also discuss the strengths and limitations of open-source security tools, showing when they can be the perfect fit for your needs, and when proprietary or custom solutions may be more appropriate.
Attendees will get hands-on with tools like OWASP ZAP, Trivy, Bandit, and Checkov to help them understand how to effectively incorporate these solutions. You'll leave with practical knowledge of the best tools for various security tasks and guidance on integrating them to protect your applications at every level.


Open-source tools have become essential in today’s cybersecurity landscape, offering comprehensive, low-cost solutions for securing modern applications. From securing codebases to protecting cloud environments, these tools can help organizations achieve full coverage without massive investments. However, while open-source tools offer significant advantages—such as flexibility, community support, and transparency—there are also scenarios where they fall short, such as scalability issues, lack of enterprise support, and specific feature gaps.
In this workshop, we’ll explore the full spectrum of how open-source tools can be leveraged to secure your applications from development to deployment—covering both the code and cloud layers. We’ll walk through specific tools like:
- OWASP ZAP for web application scanning,
- Trivy for container security,
- Checkov for threat detection in cloud assets,
- Semgrep, Bandit and Brakeman for SAST.
Through hands-on experimentation you will see these tools in action and learn how they can be integrated into your development pipeline to enforce security at every stage. We’ll also dive into real-world examples where open-source tools excel—and where they may not always be the best fit.
By the end of this session, you’ll walk away with practical strategies to secure your application’s entire stack with open-source tools, as well as an understanding of the limitations to be mindful of. This talk is ideal for security engineers, developers, and DevOps teams looking to improve their security posture using open-source solutions.

Mackenzie is a security researcher and advocate with a passion for application security. As the co-founder and former CTO of the health tech company Conpago, he learned first-hand how critical it is to build secure applications with robust developer operations.

Today, as an Advocate at Aikido Security, Mackenzie is able to share his passion for code security with developers and works closely with research teams to show how malicious actors discover and exploit vulnerabilities in code. Mackenzie is also a seasoned speaker, having spoken at conferences in 29 countries. He is the host of The Security Repo podcast and a frequent contributor to various technical publications like Dark Reading and Security Boulevard.