Testing with your left foot forward

Presented at Global AppSec - DC 2019, Sept. 13, 2019, 4:30 p.m. (45 minutes)

DevOps has brought many benefits to security: SAST and SCA tools have been baked into build pipelines, and to some extent even automated DAST has been integrated. This leaves a gap, however, around manual testing. Manual assessments still happen, whether in-house or via bug bounties, and at best we automate the delivery of their results into a defect tracker like Jira. That just adds to the backlog; we can do better. This talk explores how manual testing efforts can be more tightly coupled into the build pipeline, using standard, pre-existing dev and QA tools, to drive faster remediation.
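As an added illustration of the coupling the abstract describes (this is example code, not material from the talk or from the presenter), the following Python turns manual findings into regression checks that a standard QA tool such as pytest runs on every build. The findings, ticket ids (`SEC-4711`, `SEC-4712`), endpoints and the toy handlers are all constructed; the vulnerable and remediated versions of the handlers are shown side by side so the check can be seen failing and then passing.

```python
"""Turn manual assessment findings into CI regression checks.

Constructed illustration (not code from the talk): the findings, ticket ids,
endpoints and handlers below are all made up.
"""
import html
import sys
from dataclasses import dataclass
from typing import Callable, Dict, Tuple
from urllib.parse import urlsplit

# A handler takes query parameters and returns (status, headers, body),
# standing in for whatever the real application under test exposes.
Response = Tuple[int, Dict[str, str], str]
Handler = Callable[[Dict[str, str]], Response]


@dataclass(frozen=True)
class Finding:
    """One manual finding, reduced to the data needed to re-test it on every build."""
    ticket: str      # hypothetical defect-tracker id, so a failure links back to the report
    endpoint: str
    param: str
    payload: str     # the exact input the tester used
    fixed: Callable[[str, Response], bool]   # True once the issue no longer reproduces


def xss_fixed(payload: str, resp: Response) -> bool:
    """Reflected XSS is fixed when the raw payload no longer appears in the HTML body."""
    return payload not in resp[2]


def open_redirect_fixed(payload: str, resp: Response) -> bool:
    """Open redirect is fixed when a 302 never points at another host."""
    status, headers, _ = resp
    return status != 302 or not urlsplit(headers.get("Location", "")).netloc


# Constructed findings, as they might be exported from the assessment report.
FINDINGS = [
    Finding("SEC-4711", "/search", "q", "<script>alert(1)</script>", xss_fixed),
    Finding("SEC-4712", "/login", "next", "https://evil.example/", open_redirect_fixed),
]


# --- Application before remediation -----------------------------------------
def search_vulnerable(params: Dict[str, str]) -> Response:
    q = params.get("q", "")                      # reflected without encoding
    return 200, {"Content-Type": "text/html"}, f"<h1>Results for {q}</h1>"


def login_vulnerable(params: Dict[str, str]) -> Response:
    return 302, {"Location": params.get("next", "/")}, ""   # unvalidated redirect target


# --- Application after remediation -------------------------------------------
def search_fixed(params: Dict[str, str]) -> Response:
    q = html.escape(params.get("q", ""), quote=True)
    return 200, {"Content-Type": "text/html"}, f"<h1>Results for {q}</h1>"


def login_fixed(params: Dict[str, str]) -> Response:
    nxt = params.get("next", "/")
    parts = urlsplit(nxt)
    # Allow only same-site paths: no scheme, no host, and no "//" or "\" tricks.
    if parts.scheme or parts.netloc or not nxt.startswith("/") \
            or nxt.startswith("//") or "\\" in nxt:
        nxt = "/"
    return 302, {"Location": nxt}, ""


VULNERABLE_APP: Dict[str, Handler] = {"/search": search_vulnerable, "/login": login_vulnerable}
FIXED_APP: Dict[str, Handler] = {"/search": search_fixed, "/login": login_fixed}


def run_regression(app: Dict[str, Handler], findings=FINDINGS) -> Dict[str, bool]:
    """Replay every finding against the app; returns ticket id -> fixed?"""
    results = {}
    for f in findings:
        resp = app[f.endpoint]({f.param: f.payload})
        results[f.ticket] = f.fixed(f.payload, resp)
    return results


def test_manual_findings_are_fixed() -> None:
    """The pytest entry point CI picks up; point it at the real app under test."""
    still_open = [t for t, ok in run_regression(FIXED_APP).items() if not ok]
    assert not still_open, f"findings still reproducible: {still_open}"


if __name__ == "__main__":
    results = run_regression(FIXED_APP)
    for ticket, ok in results.items():
        print(f"{ticket}: {'fixed' if ok else 'STILL REPRODUCIBLE'}")
    sys.exit(0 if all(results.values()) else 1)   # non-zero exit fails the build
```

The point of the shape is that the finding lives in the repository as data plus a reproduction, next to the code, rather than only as a ticket: the build stays red until the payload stops reproducing, and it turns red again if the fix regresses. Swapping `FIXED_APP` for `VULNERABLE_APP` in `test_manual_findings_are_fixed` shows the failure the pipeline would report before remediation.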

Presenters:

  • Jeremy Long
    Jeremy Long is a principal engineer at a large financial institution. He specializes in securing the SDLC via secure development training, security requirements and coding standards, tooling for early identification in build pipelines, etc. He has a deep understanding of static analysis and has created and customized automated tools to both decrease assessment time and increase quality. Jeremy is the founder and project lead for the OWASP dependency-check project.
