Security Testing in Continuous Integration


Every day we hear news about new vulnerabilities and exploits, with effects threatening user data and the existence of whole companies. To protect ourselves and our systems, we need to make sure we create and use up-to-date software. We can enhance our existing tooling with frameworks that automatically scan for known vulnerabilities in dependencies, containers and (web) APIs within our existing development and operation cycles.

The double feature talk will cover open source frameworks and showcase their usage and benefits in a live demo, using OWASP dependency-check, CoreOS Clair and OWASP ZAProxy.

Arnold Franke is a Software Engineer at synyx. He has a soft spot for Clean Code, Modularization, Quality and Extreme Programming.

Christian Kühn is a Systems Engineer at synyx, "stuck half-way on his journey from ops to dev", mostly dealing with Java, all things cloud-related and security. He is also a co-organizer of the DevOpsMeetup Karlsruhe.