OWASP AppSec Europe 2015: Security DevOps - Staying Secure In Agil...

View analytic

Security DevOps - Staying Secure In Agile Projects

In this session I will present best practices of how open source tools (used in the DevOps and security communities) can be properly chained together to form a framework that can - as part of an agile software development CI chain - perform automated checking of certain security aspects. This does not remove the requirement for manual pentests, but tries to automate early security feedback to developers.

Based on my experience of applying SecDevOps techniques to projects, I will present the glue steps required on every commit and at nightly builds to achieve different levels of depth in automated security testing during the CI workflow.

I will conclude with a "SecDevOps Maturity Model" of different stages of automated security testing and present concrete examples of how to achieve each stage with open source security tools.

Speakers

Christian Schneider

Whitehat Hacker, Christian Schneider

Christian Schneider (@cschneider4711) writes software since the nineties, works as a freelance software developer since 1997, and focuses on Java since 1999. Aside from the traditional software engineering tasks he support clients in the field of IT security. This includes penetration testing, security audits, architectural reviews, and web application hardening. Christian enjoys writing articles about web application security (for the German... Read More →

Friday May 22, 2015 11:05 - 11:50
Room E106 & E107 Amsterdam RAI

Ops talk

Attendees (47)

T
A
m
g
a
T
M
M
R
A
a
S
z
n
A
A
u
T
H
D
g
View All →

OWASP AppSec Europe 2015

Sign up or log in to save this to your schedule and see who's attending!

Christian Schneider

Attendees (47)

Recently Active Attendees