It has been a while since I posted something. I have been pretty busy with my day to day. I am re working my lab and some other projects. I was thinking on what to post about and since in my last post I deployed a small application security lab on Kubernetes. I thought it would be cool to run one of the tools I had deployed. I chose OWASP ZAP. ZAP is a DAST tool which means it tests the application while it is actually running. Think of it as a robot that pokes at your app from the outside looking for weaknesses.

I have been looking for the opportunity for document deployment of a small application security lab that I created last year in my home. I want to be able to run SAST SCA and other application tools. To see how they behave and how they work with the CI/CD. I will be using Kubernetes for this project. Rationale is that Kubernetes allows IAC to deploy these containers. Which makes the deployment a lot more easier and simpler than having to deploy it from on host, dealing with dependencies and other “FUN” configurations. I will add detailed configuration steps later on how everything connects.

I started this blog as a simple Obsidian to Hugo project. I found it fun and very useful. Because of the utilities for this. I am planning to use this blog to post about project tips and tricks, maybe personal stuff and cool things I find. Main topic I am writing about will be technology including but not limited to Info Sec, development and video games. I hope you enjoy this as much as I did setting up and writing it. Every now and then I will write about current occurrences.