What is DefectDojo?

In this to the mat edition of the Exploring Information Security podcast, Greg Anderson joins me to discuss the OWASP project DefectDojo.

Greg (@_GRRegg) is one of three project leads for the OWASP project DefectDojo. The project is an appsec automation and vulnerability management tool. This is something I wish was around when I first started managing vulnerabilities for the development team. It has got a lot of great features including metrics, integration with JIRA, automatic ticket creation, vulnerability de-duping, and of course it allows appsec teams to manage vulnerabilities in development. A demo site is available. It's open-source (as all OWASP projects are). I would recommend anyone having to manage vulnerabilities check this project out.

In this episode we discuss:

  • What is DefectDojo?
  • Why create the project?
  • Why the name?
  • Who should use the tool
  • How to effectively use the tool