16 Jun 2021
Presenter: Nicole Schwartz
Slides: https://docs.google.com/presentation/d/1hZAVqMY8btQtpG0nc90WTolJ1AVVZoDsFluz4MMHfXY/edit#slide=id.g29a70c6c35_0_68
- 1 participant
- 14 minutes
3 Sep 2020
This is the recording of a BrownBag presentation on introducing generic security reports in GitLab. https://gitlab.com/gitlab-org/secure/brown-bag-sessions/-/issues/35
- 7 participants
- 1:06 hours
28 Jul 2020
This is a BrownBag Session (https://gitlab.com/gitlab-org/secure/brown-bag-sessions/-/issues/33) about creating a snapshot-based, feedback-guided fuzzer that uses perf events for feedback. Project with example code: https://gitlab.com/gitlab-org/vulnerability-research/kb/presentations/creating_a_snapshot_feedback_guided_fuzzer
- 2 participants
- 57 minutes
21 Jul 2020
This BrownBag session discusses problems and solutions for deriving fuzzing harnesses from existing unit tests.
BrownBag issue: https://gitlab.com/gitlab-org/secure/brown-bag-sessions/-/issues/28
- 2 participants
- 33 minutes
29 Jun 2020
This is a BrownBag session (https://gitlab.com/gitlab-org/secure/brown-bag-sessions/-/issues/29) on setting up fuzzing on gitlab-runner and the .gitlab-ci.yml parser found in GitLab.
- 4 participants
- 44 minutes
17 Jun 2020
00:18 AST market
02:50 SAST, spell checker, identify by patterns
04:13 secret detection, API keys
04:46 DAST, deployed code
06:37 dependency scanning
08:04 container scanning
09:15 licence compliance
09:47 Fuzzing, business logic flaws
18:00 SAST, false positive, pattern matcher, spell checker
22:52 IAST
25:16 it sucks to set up fuzzing currently in most cases
33:10 fuzzers, logical flows, APIs [...], SAST, DAST, Heartbleed
- 6 participants
- 51 minutes
11 Jun 2020
This is the recording of a brown bag presentation on developing with Docker at GitLab.
https://gitlab.com/gitlab-org/secure/brown-bag-sessions/-/issues/25
- 2 participants
- 48 minutes
1 May 2020
A talk through how to do Windows development for GitLab with Google Compute Platform.
The agenda of the video follows:
- Current state of Windows on GitLab CI/CD
- GCP Windows Image for Development
- Demo: How to use a Windows image on GCP
- Windows Developer Tips
- 4 participants
- 37 minutes
11 Mar 2020
A presentation about symbolic/concolic execution engines, existing tools, and their applications.
- 4 participants
- 1:02 hours