(Automated) Security Testing in a DevOps world
A successful DevOps culture should treat security as a self-evident part of a holistic software development life cycle. Just as we have learned that topics such as testing, operations or design are best tackled by a cross-functional team as part of an integrated development process, we now must understand that an over-the-shoulder approach to security doesn’t work in times of continuous delivery and continuous deployment.
We will show how to integrate static analysis as well as dynamic application security testing into a Java build pipeline, using open source tools like OWASP Dependency Check, OWASP ZAP, FindBugs, Docker, Testcontainers and GitLab. No silver bullets will be presented in this talk, but we will find out why we should care about security in our applications and what challenges still lie ahead of us.