
Adding SAST to CI/CD, Without Losing Any Friends

Hosted By
Adrian W.

Details

Hosted by the Cyber Security & Networking Research Group, Anglia Ruskin University, OWASP (Open Web Application Security Project) Cambridge Chapter, & BCS Cybercrime Forensics SG

Background

The BCS (Chartered Institute for IT) Cybercrime Forensics Special Interest Group (SG) promotes Cybercrime Forensics and its use. It is of relevance to computing professionals, lawyers, law enforcement officers, academics and anyone interested in the use of Cybercrime Forensics and in addressing cybercrime for the benefit of those groups and of the wider public.

OWASP (Open Web Application Security Project) is a 501(c)(3) not-for-profit worldwide charitable organisation focused on improving the security of application software. Their mission is to make application security visible, so that people and organisations can make informed decisions about true application security risks.

The Cyber Security and Networking (CSN) Research Group at Anglia Ruskin University has close working strategic relationships with industry, professional bodies, law enforcement, government agencies and academia in the delivery of operationally focused applied information and application security research. We have strong international links with professional organisations such as OWASP, BCS, ISC2, CIISec & the Cyber East Cluster amongst others. The primary aims of CSNRG are to help the UK and partner nations to tackle cybercrime, be more resilient to cyber attacks and educate its users for a more secure cyberspace and operational business environment.

Abstract: Adding SAST to CI/CD, Without Losing Any Friends

Everyone wants to put tests into the release pipeline, but no one wants to wait hours for them to finish. In this learning lab we will discuss multiple options for adding static application security testing (SAST) to your CI/CD in ways that won’t compromise speed or results: learning which results can be safely ignored, writing your own rules and company-specific checks, scanning pull requests instead of every commit, splitting fast blocking scans from deep audit scans, and more. We will also cover ways to continuously find vulnerabilities.
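One way to realise two of the ideas in the abstract, a fast blocking scan on pull requests that only looks at changed files and high severity, versus a deep audit scan that reports everything but never blocks, plus a baseline of findings that are safe to ignore. This is an added Python example, not material from the talk or the organisers; the findings, the changed-file list, the baseline and the ignore globs are constructed sample data, and the finding format is hypothetical rather than any particular SAST tool's output.

```python
"""Triage SAST findings for a CI gate (added example; sample data is constructed)."""
import fnmatch
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    rule_id: str
    path: str
    line: int
    severity: str  # "high" | "medium" | "low"


# Constructed findings, as a hypothetical SAST tool might report them.
SAMPLE_FINDINGS = [
    Finding("py.sql-injection", "src/api/users.py", 42, "high"),
    Finding("py.hardcoded-secret", "src/legacy/config.py", 7, "high"),
    Finding("py.weak-hash", "src/api/users.py", 88, "medium"),
    Finding("py.sql-injection", "src/reports/export.py", 10, "high"),
    Finding("py.assert-used", "tests/test_users.py", 3, "low"),
]
# Files touched by the pull request (constructed).
CHANGED_FILES = ["src/api/users.py", "README.md"]
# Baseline: known, accepted findings keyed by (rule, path) so they never block.
BASELINE = {("py.hardcoded-secret", "src/legacy/config.py")}
# Paths whose findings are noise for a gate (test code); fnmatch '*' spans '/'.
IGNORE_GLOBS = ["tests/*", "*_test.py"]


def is_ignorable(f: Finding, baseline: set, ignore_globs: list) -> bool:
    """True if the finding is baselined or lives in an ignored path."""
    if (f.rule_id, f.path) in baseline:
        return True
    return any(fnmatch.fnmatchcase(f.path, g) for g in ignore_globs)


def triage(findings, changed_files, mode, baseline=BASELINE,
           ignore_globs=IGNORE_GLOBS, block_severities=("high",)):
    """Return (blocking, advisory) lists of findings.

    mode="pr":    fast gate; only changed files, block on high severity.
    mode="audit": deep scan; nothing blocks, every live finding is reported.
    """
    live = [f for f in findings if not is_ignorable(f, baseline, ignore_globs)]
    if mode == "audit":
        return [], live
    scoped = [f for f in live if f.path in set(changed_files)]
    blocking = [f for f in scoped if f.severity in block_severities]
    advisory = [f for f in scoped if f.severity not in block_severities]
    return blocking, advisory


def gate_exit_code(findings, changed_files, mode) -> int:
    """Non-zero only when the PR gate has blocking findings."""
    return 1 if triage(findings, changed_files, mode)[0] else 0
```

In the sample data, the PR gate blocks only on the SQL injection finding in the changed file and leaves the unchanged file and the baselined secret for the audit run to report.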

Provisional Agenda

16:45 - Webinar waiting lobby opens
17:00 - Start of presentation
17:50 - Questions & answers

OWASP Cambridge Chapter