Kim Carter

Security focussed Technologist

Kim Carter

Kim Carter

NodeGoat is the next gen WebGoat, written in NodeJS, It comes with a tutorial covering the OWASP Top 10 + other vulnerabilities. NodeGoat also has a Security Regression Testing Proof of Concept (PoC) using the Zap API which is getting a lot of use in training teams around the importance of moving security from the most expensive place (go-live) to the cheapest (within the Development Teams Sprints). Based on this PoC, I’ve sold and implemented Security Regression Testing with Zap API within a large international companies development team and seen amazing results. I would like to move this forward, increase the coverage, add defect features, get all components and their docker images working in a nightly build to further demonstrate the huge advantages of moving security left and also demonstrate how useful Zap can be in the build process.

I would like to propose a NodeGoat workshop. The action plan is here.

The skills required for the following Working-Sessions appear to match my skill-set, and I would love to play a part in helping with them:

  1. OWASP NodeGoat
  2. AWS Lamba Security
  3. NextGen Security Scanners
  4. ZAP
  5. Threat Model
  6. Mobile Security

I would need flights and accommodation provided by OWASP as I’ve been working for the love of security in our industry mostly on my book series “Holistic Info-Sec for Web Developers” without income for many months - please let me know soon if this will be possible, as I will need to announce and prepare the workshop, and refrain from submitting further presentations and Working-Sessions around these dates.

OWASP Contributions

Scheduled Working Sessions for Kim Carter







10:30 - 12:30
No session
DevSecCon Villa (OK314)
No session
No session
No session

contact details

(for Working Sessions organisers)

To invite Kim Carter to your Working Session use invited: Kim Carter

Back to list of all Participants

Edit this page here