The Security Testing Pyramid for Developers
Most of you are probably familiar with Mike Cohn's test pyramid and already practice test-driven development in your projects.
But does your test pyramid also include application security checks?
Continuous application security is becoming increasingly important, especially in the context of agile development with continuous delivery. The pattern of penetration testing before going live, which is still practiced today, no longer works. Instead, security must be verified continuously, for each increment.
In this presentation, we will look at the entire test pyramid from the security perspective. We will see how to improve the security level in applications by adding effective security tests at each level of the pyramid. This way, it is possible to cover a significant portion of the OWASP Top 10 security categories with automated tests. This is illustrated by live demos showing tests for authentication, authorization, input validation, and SQL injection, among others.
About the Speaker:
*********************
Andreas Falk works for Novatec Consulting, located in Stuttgart, Germany. There, he has been working on various projects as an architect, coach, or developer. His focus is on the agile development of cloud-native Java applications. As a member of OWASP and the OpenID Foundation, he also likes to deal with all aspects of application security.
Video: The Security Testing Pyramid for Developers by Andreas Falk. Added by SBA Research on 06 June 2021.