In this to the mat edition of the Exploring Information Security podcast, Greg Anderson joins me to discuss the OWASP project DefectDojo.
Greg (@_GRRegg) is one of three project leads for the OWASP project DefectDojo. The project is an appsec automation and vulnerability management tool. This is something I wish was around when I first started managing vulnerabilities for the development team. It has got a lot of great features including metrics, integration with JIRA, automatic ticket creation, vulnerability de-duping, and of course it allows appsec teams to manage vulnerabilities in development. A demo site is available. It's open-source (as all OWASP projects are). I would recommend anyone having to manage vulnerabilities check this project out.
In this episode we discuss:
- What is DefectDojo?
- Why create the project?
- Why the name?
- Who should use the tool
- How to effectively use the tool