February Office Hours: Getting Started with DefectDojo

Описание: New to DefectDojo? Join this introductory webinar to learn how you can use DefectDojo to prioritize, deduplicate, and automate vulnerabilities, SOC alerts, and more.

DefectDojo is an open‑source platform that automates vulnerability triage, prioritization, and vulnerability management for AppSec and SOC tools.

00:00 Welcome & What You’ll Learn: Getting Started with DefectDojo
00:48 Meet the Speaker: Matt Tesauro’s AppSec & OWASP Background
01:46 The Big Picture: Why Security Must Move at Assembly-Line Speed
02:47 The Pain Today: Excel, Manual Triage, and Tool Sprawl
03:26 The Solution: DefectDojo as Your Single Source of Truth
04:58 Central Hub Workflow: Normalize, De-dupe, Auto-Triage, Then Ship to Jira
05:59 Why DefectDojo (Not the Acronym): Automation-Friendly Vulnerability Management
08:27 Real-World Impact: Prioritization That Cuts 30,000 Findings Down to 80
10:50 Fits Any Maturity Level: From New AppSec Programs to PR-Gating Automation
11:49 Understanding the Dojo Data Model: Product Types, Products, Engagements & Findings
12:55 New Labels + Locations: Evolving the Model for Performance and Clarity
14:28 Open Source vs Pro: DIY Community Edition vs “You’re Just Done”
16:00 What’s New/Next: MCP + LLMs with Clean, Normalized Vulnerability Data
19:08 New Integrations & Asset Hierarchy: Better Destinations and Better Visibility
20:52 Smarter Prioritization: Custom Weights, Risk Buckets, and Asset-Specific Rules
22:45 Connectors + Universal Import/Parse: Automate Ingest from Vendor APIs & CI/CD
24:49 Coming Soon: Modernized UI for DefectDojo Community Edition
25:28 Wrap-Up: Automate the Drudgery, Report Holistically, and Scale to Millions
27:00 Q&A Invitation and Closing