
August Meeting: Continuous Security Testing

We are running continuous integration and tests against our software. How do we apply these principles to security? What do you test besides the OWASP Top 10? How long does it take? Does that hold up my deployments? If any code commit may be released to customers at any point, how do I make sure it is secure? What about the production environment? How do I deal with PCI, SOX, HIPAA compliance audits? Do I just use logs, graphs, honey pots, checks, automated tests?

Velocity NY 2013: Zane Lackey, Dan Kaminsky "Delivering Security: Faster, Better, Cheaper"

Related Articles/Slides/Videos




  • Jahn V

    Interesting, most of the OWASP testing manual can be implemented at the level of best practice from the onset. At what point is automated testing of the system for security more just testing the developer that he/she is following standards? Will there be multiple security testing loops? Or just one big one before live push? Look forward to hearing the presentation.

    August 8, 2014

22 went
