App Security Automation in Continuous Delivery pipelines - DevSecOps FTW

This is a past event

126 people went

Location image of event venue

Details

ABSTRACT
Scalable and Comprehensive Application Security is an essential requirement, especially for DevOps and rapid-release applications. However, most environments today find it challenging to successfully incorporate a robust and resilient Application Security practice into their Continuous Delivery Pipeline.

This session will address different techniques and integration practices that can be used to automate Application Vulnerability Assessments, married with Functional Testing (for Web Services and Single Page Apps) for SAST, DAST and SCA. The session will be replete with demos and case examples with minimal theory coverage only used to support the concept of Application Security Automation.

The talk will delve into:
• Integrating Functional Test Automation and End-to-End Tests with Selenium (multiple implementations), Robot Framework, Nightwatch.js, Chai.js etc. to perform Security Testing
• Performing Automated, Authenticated and Parameterized Vulnerability Assessments against Web Apps and Web Services by leveraging tools like OWASP ZAP and BurpSuite Pro
• Leveraging Functional Test Automation to conduct security testing of Microservices and Serverless applications

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

SPEAKER:
Abhay Bhargav is the CTO of we45, a focused Application Security company. He is the author of two international publications. "Secure Java for Web Application Development” and “PCI Compliance: A Definitive Guide”. Abhay is a builder and breaker of applications and has authored multiple applications in Django and NodeJS. He is the Chief Architect of “Orchestron", a leading Application Vulnerability Correlation and Orchestration Framework.

He is a passionate Pythonista and loves the idea of automation in security. This passion prompted him to author the world’s first hands-on Security in DevOps training that has been delivered in multiple locations, as highly successful training programs at the OWASP AppSec USA 2016, OWASP AppSec EU and USA 2017. Abhay recently delivered a workshop on DevSecOps at DEFCON 25. In addition, Abhay speaks regularly at industry events including OWASP, ISACA, Oracle OpenWorld, JavaOne, and others.

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
ABOUT OUR SPONSORS

ABOUT SHOPKEEP
Everything ShopKeep does supports growing and independent businesses. Built by and for small business owners, ShopKeep provides an intuitive, secure, iPad point-of-sale system with POS software that empowers merchants to run smarter businesses by optimizing staffing, managing inventory and accessing real time sales reports and customer information on one seamless, cloud-based platform. With more than 23,000 customers, ShopKeep’s award-winning customer care team is available to help 24/7 and provides a robust support network for growing business owners. Ranked one of the fastest growing North American tech companies by Deloitte and a member of Apple’s Mobile Partnership Program, ShopKeep is headquartered in New York, with offices in Portland, Chicago, and Belfast.

Follow @ShopKeepTech (https://twitter.com/shopkeeptech) on Twitter, join the discussion on the ShopKeep blog (https://www.shopkeep.com/blog) or visit http://www.shopkeep.com to learn more about ShopKeep’s POS system.