Overview
Explore practical approaches to dynamic application security testing within enterprise environments in this AppSecUSA 2017 conference talk. Learn how to integrate security into DevOps processes through strategic planning and implementation of a common pipeline for Continuous Integration (CI) and Continuous Deployment (CD). Discover two complementary methods for scalable and comprehensive application security: deploying dynamic scanners within CI/CD pipelines and leveraging data from analytic tools. Gain insights into using containerized RESTful API services for rapid security analysis of multiple applications. Understand how these solutions can transform application assessment practices, enabling efficient scanning of thousands of URLs and incorporating dynamic analysis into all build cycles. Benefit from the speakers' experience in implementing these approaches at Verizon, enhancing the security posture of a large enterprise.
Syllabus
Intro
About Me
Overview AST
Assessments never stop...
AST Detailed
Scanner and CLI
OST Overview
Cast a wide net
Why OST?
How to OST
OST Detailed
Sample bulk-scan response
Sample bulk-scan data flow
Sample bulk-scan results
Filling the Gap
Conclusion
Taught by
OWASP Foundation