Next Meetup

App Security Automation in Continuous Delivery pipelines - DevSecOps FTW
ABSTRACT

Scalable and Comprehensive Application Security is an essential requirement, especially for DevOps and rapid-release applications. However, most environments today find it challenging to successfully incorporate a robust and resilient Application Security practice into their Continuous Delivery Pipeline. This session will address different techniques and integration practices that can be used to automate Application Vulnerability Assessments, married with Functional Testing (for Web Services and Single Page Apps) for SAST, DAST and SCA. The session will be replete with demos and case examples with minimal theory coverage only used to support the concept of Application Security Automation.

The talk will delve into:

• Integrating Functional Test Automation and End-to-End Tests with Selenium (multiple implementations), Robot Framework, Nightwatch.js, Chai.js etc. to perform Security Testing
• Performing Automated, Authenticated and Parameterized Vulnerability Assessments against Web Apps and Web Services by leveraging tools like OWASP ZAP and BurpSuite Pro
• Leveraging Functional Test Automation to conduct security testing of Microservices and Serverless applications

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

SPEAKER:

Abhay Bhargav is the CTO of we45, a focused Application Security company. He is the author of two international publications: “Secure Java for Web Application Development” and “PCI Compliance: A Definitive Guide”. Abhay is a builder and breaker of applications and has authored multiple applications in Django and NodeJS. He is the Chief Architect of “Orchestron”, a leading Application Vulnerability Correlation and Orchestration Framework. He is a passionate Pythonista and loves the idea of automation in security. This passion prompted him to author the world’s first hands-on Security in DevOps training that has been delivered in multiple locations, as highly successful training programs at the OWASP AppSec USA 2016, OWASP AppSec EU and USA 2017. Abhay recently delivered a workshop on DevSecOps at DEFCON 25. In addition, Abhay speaks regularly at industry events including OWASP, ISACA, Oracle OpenWorld, JavaOne, and others.

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

ABOUT OUR SPONSORS

ABOUT SHOPKEEP

Everything ShopKeep does supports growing and independent businesses. Built by and for small business owners, ShopKeep provides an intuitive, secure, iPad point-of-sale system with POS software that empowers merchants to run smarter businesses by optimizing staffing, managing inventory and accessing real-time sales reports and customer information on one seamless, cloud-based platform. With more than 23,000 customers, ShopKeep’s award-winning customer care team is available to help 24/7 and provides a robust support network for growing business owners. Ranked one of the fastest growing North American tech companies by Deloitte and a member of Apple’s Mobile Partnership Program, ShopKeep is headquartered in New York, with offices in Portland, Chicago, and Belfast. Follow @ShopKeepTech on Twitter, join the discussion on the ShopKeep blog, or visit to learn more about ShopKeep’s POS system.


460 Park Avenue South · New York, NY

Respond by: 8/15/2018

What we're about

Step 1) Commit your code to the repository.

Step 2) ???

Step 3) Production / Profit!

CDNYC aims to shed light on step 2; everything from systems engineering to automated regression testing to configuration management. We aim to provide information on how to deploy code faster and more reliably for quicker development cycles. We want to allow engineers to become force multipliers on their development teams through automation. Consider attending one of our monthly Meetups to learn more about how you can become a more efficient software engineer.