Continuous Security Testing in DevOps Environments

Explore continuous security testing in a DevOps environment through this 45-minute conference talk from AppSecEU 2014. Delve into the challenges of integrating security processes into fast-paced, automated software deployment cycles. Learn about an open-source security testing framework that leverages Behavior Driven Development (BDD) to bridge communication gaps between security, development, and testing teams. Discover how to define security requirements in natural language while maintaining executable automated tests. Examine the BDD-Security framework, which utilizes Selenium and OWASP ZAP to mimic human security testing, including complex authentication and access control tests. Gain insights into configuring the framework and integrating it with Jenkins CI server for continuous, in-depth security testing. Understand how this approach creates an automated process from code commit to security testing, with results comprehensible to all stakeholders.