Continuous Security Testing in DevOps Environments

OWASP Foundation via YouTube

Overview

Explore continuous security testing in a DevOps environment through this 45-minute conference talk from AppSecEU 2014. Delve into the challenges of integrating security processes into fast-paced, automated software deployment cycles. Learn about an open-source security testing framework that leverages Behavior Driven Development (BDD) to bridge communication gaps between security, development, and testing teams. Discover how to define security requirements in natural language while maintaining executable automated tests. Examine the BDD-Security framework, which utilizes Selenium and OWASP ZAP to mimic human security testing, including complex authentication and access control tests. Gain insights into configuring the framework and integrating it with Jenkins CI server for continuous, in-depth security testing. Understand how this approach creates an automated process from code commit to security testing, with results comprehensible to all stakeholders.

Syllabus

Intro
DevOps and Development Practices
Continuous Delivery Pipeline
Application Security
Security Testing
Security Test 1
BDD Security Framework
Demo
Page Flow
Scanning
False positives
Config file
Navigation class
Selenium IDE
Zap
SQL Injection
Wrapping a Scanner
Functional Security
Is logged in
How to logout
Results
Functional Security Requirements
Verification vs Tests
Access Control
Profile
OnlyBob
Application Framework
Access Control Scenario
Jenkins
Deployment
Headless
Test Results
Jenkins Integration
Limitations
Test Maintenance
Test Failure
Self Verifying Requirements
Additional Tools
Questions

Taught by

OWASP Foundation
