Learnathon is a project used to demo an SDLC/DevSecOps cycle.
You can view the demo at http://demo-learnathon.herokuapp.com/ and try to find the XSS bug that I introduced for the milestone.
I use Jenkins throughout the process, and every job is handled by it.
- Prepare the security checklist with the Security Knowledge Framework (SKF)
- Assess the security and risk of the design blueprint by threat modeling it in the Miro app
I use:
- VS Code: IDE for development
- SonarLint: IDE plugin from the Sonar ecosystem that flags code-quality issues, bad patterns and insecure code while you write it
- GitHub: stores and versions the source, ready for the next stage
- Maven: builds the Java project
In this stage I use two types of scanning on the project, SAST and DAST:
- SAST (Static Application Security Testing): OWASP Dependency-Check and a SonarQube scan. Strictly, Dependency-Check is software composition analysis (it matches third-party dependencies against known CVEs rather than analysing the project's own code); SonarQube covers the static analysis of the source.
- DAST (Dynamic Application Security Testing): OWASP ZAP (Zed Attack Proxy), run against the deployed application
- Jenkins: CI/CD server that runs every stage of the pipeline
- Heroku Cloud: hosts the deployed web app and provides monitoring
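The build, scan and deploy stages above wired together as one Jenkins declarative pipeline. This Jenkinsfile is an added example, not the Learnathon project's own pipeline; it assumes a Jenkins agent with Maven, Git and Docker, a SonarQube server registered in Jenkins under the name `sonarqube` (with the SonarQube Scanner plugin and a SonarQube-to-Jenkins webhook for the quality gate), a Heroku API key stored as the Jenkins secret-text credential `heroku-api-key`, a Heroku app named `demo-learnathon`, and the OWASP Dependency-Check Maven plugin available to Maven. All of those names are assumptions.

```groovy
// Added example Jenkinsfile (not the Learnathon project's own pipeline).
// Assumed names: SonarQube server 'sonarqube' in Jenkins, Heroku app 'demo-learnathon',
// Jenkins secret-text credential 'heroku-api-key'.
pipeline {
    agent any

    environment {
        HEROKU_APP  = 'demo-learnathon'                        // assumed Heroku app name
        STAGING_URL = 'http://demo-learnathon.herokuapp.com'   // URL from the README
    }

    options { timestamps() }

    stages {
        stage('Build') {
            steps {
                // Compile and run unit tests; fail fast if the build is broken.
                sh 'mvn -B clean package'
            }
        }

        stage('SCA: OWASP Dependency-Check') {
            steps {
                // Matches third-party dependencies against known CVEs (NVD data).
                // Any dependency with a CVSS score >= 7 breaks the build.
                sh 'mvn -B org.owasp:dependency-check-maven:check -DfailBuildOnCVSS=7 -Dformats=HTML,XML'
            }
        }

        stage('SAST: SonarQube') {
            steps {
                // withSonarQubeEnv injects the server URL and token as environment
                // variables that the sonar-maven-plugin picks up automatically.
                withSonarQubeEnv('sonarqube') {
                    sh 'mvn -B org.sonarsource.scanner.maven:sonar-maven-plugin:sonar -Dsonar.projectKey=learnathon'
                }
            }
        }

        stage('Quality gate') {
            steps {
                // Blocks until SonarQube reports the gate result via its webhook;
                // a failed gate (e.g. new security hotspots or vulnerabilities) aborts the pipeline.
                timeout(time: 10, unit: 'MINUTES') {
                    waitForQualityGate abortPipeline: true
                }
            }
        }

        stage('Deploy to Heroku (staging)') {
            steps {
                withCredentials([string(credentialsId: 'heroku-api-key', variable: 'HEROKU_API_KEY')]) {
                    // Single-quoted on purpose: the shell expands $HEROKU_API_KEY, so the secret
                    // never passes through Groovy string interpolation (which would write it
                    // into the build log). Jenkins masks the credential in console output.
                    sh 'git push "https://heroku:$HEROKU_API_KEY@git.heroku.com/$HEROKU_APP.git" HEAD:refs/heads/main'
                }
            }
        }

        stage('DAST: OWASP ZAP') {
            steps {
                // Active scan of the freshly deployed app. zap-full-scan.py spiders the target
                // and runs active rules (including the reflected/stored XSS checks), so it can
                // exercise the planted XSS bug; the passive zap-baseline.py would not.
                // Only run an active scan against infrastructure you own.
                // Exit code: 0 = pass, 1 = FAIL alerts, 2 = WARN alerts, so any alert fails this stage
                // unless a rule config file (-c) downgrades it.
                sh 'docker run --rm -v "$PWD":/zap/wrk/:rw -t ghcr.io/zaproxy/zaproxy:stable zap-full-scan.py -t "$STAGING_URL" -r zap-report.html'
            }
        }
    }

    post {
        always {
            // Keep the scan reports with the build so findings can be reviewed later.
            archiveArtifacts artifacts: 'target/dependency-check-report.*, zap-report.html', allowEmptyArchive: true
        }
    }
}
```

Two design points worth noting: the DAST stage runs after the Heroku deploy because ZAP needs a live target, so the pipeline treats that Heroku app as staging and gates promotion on the scan result; and every secret is passed to `sh` inside single quotes, because a Groovy `"""..."""` string containing `${HEROKU_API_KEY}` would be interpolated by Jenkins before the shell sees it and the key would appear in the build log and process arguments.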