Varun Kakumani & Rohit Sehgal


Talk Title:

ZaaS: [OWASP] ZAP As A Service - Continuous Security For 20K+ APIs


Abstract:

API and web application security scanning at scale using OWASP ZAP, and a service to manage the ZAP instances.

OWASP ZAP is a great open source tool for scanning your website or API requests for different types of vulnerabilities. ZAP also provides several ways to customize a scan: scan policies, custom add-ons, community add-ons, and more. You can find ZAP's open source repository on GitHub. ZaaS is built on the APIs provided by ZAP.

While it is an awesome tool for scanning a specific request or API, using it in an enterprise where you need to scan thousands of websites or APIs is a hectic task, and it is impossible to scale by running a single ZAP instance. Hence the idea of ZaaS, where ZAP runs as multiple instances on a Kubernetes cluster, with as many pods as you need to scale ZAP to your company's requirements.

Bio:

Varun Kakumani, Product Security Lead at Gojek. Technical leader and mentor with 9 years of experience in Product Security, Cloud Security, DevSecOps, Vulnerability Management, Vulnerability Remediation & Mitigation, and VAPT. Currently leading DevSecOps at Gojek and scaling security for more than 20 products.


Rohit Sehgal, Staff Security Engineer at Ethoslife and Founder of Security Zines. Experienced in areas such as pentesting, Kubernetes security, cloud security, DevSecOps, and infrastructure security. Loves to code and make automation do the teeny tiny work. Holds a Master's from IITK with a specialization in System Security and award-winning research, and has 6 years of professional security experience working with Walmart, Visa, Gojek, and now Ethoslife. Cyber Security SME at Upgrad. Speaker at various conferences in the past, including GrayHat, OWASP AppSec IL, CoCoN, and BSides.
