Security Testing in Continuous Integration

Details

We hear news about new vulnerabilities and exploits on a daily basis, with effects that threaten user data and even the existence of whole companies. To protect ourselves, our systems and our customers, we need to make sure we create and use up-to-date software and systems. We can enhance our existing tooling with frameworks that automatically scan for known vulnerabilities in dependencies, containers and (web) APIs within our existing development and operations cycles.

We will give two talks that cover the basic principles of security testing using open source frameworks and showcase their benefits in a live demo. We will show OWASP dependency-check, CoreOS Clair and OWASP ZAProxy (and maybe more).

We are two developers without a real security background, and we want to inspire the audience to improve their software and their skillset without much hassle or time expenditure.

Arnold Franke is a Software Engineer at synyx. He loves Clean Code, modular design, quality and XP. (Twitter: @indyarni)

Christian Kühn is a System Developer at synyx, working on Java, cloud stuff and automation, currently focusing on information security.
He also co-organizes the DevOps Meetup Karlsruhe. (Twitter: @CYxChris)