Automating Web security testing

Track 2
4:40 PM - 5:25 PM

In today's "release first, fix later" IT landscape, security testing is often seen as a painful and labor-intensive process, and as such it is often postponed, deprioritized and considered a pain in the neck, even though almost everyone agrees on its importance. Unfortunately, these assumptions are sometimes correct, but some degree of automation is possible even for security testing. The purpose of this talk is to introduce the "state-of-the-art" practices with regard to automated security testing and to define the current limits of what's possible and what's still out of reach. Finally, the talk will conclude with examples of security tests integrated into the continuous delivery paradigm.