15 August 2018
Scalable and Comprehensive Application Security is an essential requirement, especially for DevOps and rapid-release applications. However, most environments today find it challenging to successfully incorporate a robust and resilient Application Security practice into their Continuous Delivery Pipeline.
This session will address different techniques and integration practices that can be used to automate Application Vulnerability Assessments, married with Functional Testing (for Web Services and Single Page Apps), for SAST, DAST and SCA. The session will be replete with demos and case examples, with minimal theory coverage, used only to support the concept of Application Security Automation.
The talk will delve into:
• Integrating Functional Test Automation and End-to-End Tests with Selenium (multiple implementations), Robot Framework, Nightwatch.js, Chai.js, etc. to perform Security Testing
• Performing Automated, Authenticated and Parameterized Vulnerability Assessments against Web Apps and Web Services by leveraging tools like OWASP ZAP and Burp Suite Pro
• Leveraging Functional Test Automation to conduct security testing of Microservices and Serverless applications