Overview
Discover effective strategies for integrating security testing into your development process. Learn how to automate security checks, implement behavior-driven development for security, and leverage various testing methodologies. Explore the strengths and weaknesses of static application security testing, understand the limitations of dynamic application security testing, and gain insights into interactive security testing and penetration testing. By the end of this talk, you'll be equipped to create comprehensive security test cases, collaborate effectively with penetration testers, and focus on addressing complex security issues in your applications.
Syllabus
Intro
Agenda
Motivation for working in security
Security and developers working together
How to start
ASVs
Hockney Scanner
Code Review
Why Code Refuses
Use Functional Test Cases
Behavior-Driven Development
BDD Security
Static Application Security
Strengths
Weaknesses
Dynamic Application Security Testing
Limitations
Interactive Security Testing
Pen Test
Putting it all together
Pull Request
Pen Tester
Conclusion
Taught by
Devoxx