Using Open Source AppMap for Runtime Security Analysis

When (day):
Tue
At:
16:00 - 17:00

About this session

In this workshop, we will show how new users can use AppMap, an open source runtime code analysis tool, to analyze RailsGoat, a deliberately vulnerable Ruby on Rails application. We’ll walk through a step-by-step process for getting RailsGoat running, along with an introduction to VS Code and AppMap. In addition, we’ll show:

  • Opening projects in VS Code
  • Setting up and running RailsGoat locally via Bundler
  • Installing AppMap into VS Code and the AppMap Ruby libraries
  • Running tests and using Runtime Analysis to identify vulnerabilities
  • Navigating AppMaps: Dependency View, Trace View and Sequence Diagrams
  • Fixing vulnerabilities and using Runtime Analysis to confirm the fixes
  • Comparing auto-generated Sequence Diagrams from before and after the fixes
  • Generating OpenAPI documentation
  • Ingesting the OpenAPI documentation into OWASP ZAP for targeted web application scanning (DAST)

From there we’ll investigate security findings that can only be picked up through runtime analysis of the software, as opposed to static inspection of its source.