We hear news about new vulnerabilities and exploits on a daily basis, with effects that threaten user data and the existence of whole companies. To protect ourselves, our systems and our customers, we need to make sure we create and use up-to-date software and systems. We can enhance our existing tooling with frameworks that automatically scan for known vulnerabilities in dependencies, containers and (web) APIs within our existing development and operation cycles.
We will run two talks that cover the basic principles of security testing with open source frameworks and showcase their benefits in a live demo. We will show OWASP dependency-check, CoreOS Clair and OWASP ZAProxy (and maybe more).
We are two developers without a real security background, and we want to inspire the listeners to improve their software and their skillset without much hassle and time expenditure.