Nenad Pavićević

Novomatic Lottery Solutions

Continuous Security Testing - Automating your AppSec Program

Security testing is imperative for web-based software solutions, and since the industry is striving towards the practice of continuous delivery, the need arises to include security testing in that process as much as possible.

Full abstract

There is a large variety of very powerful penetration testing tools available. Those tools should be used as much as possible, as they are proven in the field, widely used and widely recommended. Some frameworks build on many of these tools by adapting them for use in security test automation. Tools such as dependency checkers and static analysis tools can also be customized and included in the continuous security testing process.

The aim here is to integrate the discovery of security issues according to a standard (for example OWASP ASVS) into the continuous delivery process, and to report them accordingly within the software vulnerability management system and/or issue tracking system. By implementing continuous security testing within your continuous delivery process, you ensure that at least some of the most common security flaws can be avoided.