Automating App Security Tests in Development with Docker

Explore automated application security testing using Docker in this 45-minute conference talk from LASCON. Learn why continuous testing is crucial for preventing breaches and how Docker simplifies the process. Discover the basics of Docker images, mounts, and ports, and see live demonstrations of launching web apps and attack tools. Understand how to integrate "continuous attack" into the software development lifecycle, including ad-hoc scans, CICD integration, and getting data to developers. Witness broad attacks using tools like ZAProxy, nikto, and skipfish, as well as application-specific attacks with wpscan and SQLmap. Delve into fuzzing techniques using ffuf and wfuzz. Leave with practical knowledge on implementing automated security testing in your development process.