STAREAST 2018 Concurrent Session: Automated Security Scanning for Your Delivery Pipeline

Wednesday, May 2, 2018 - 11:30am to 12:30pm

Automated Security Scanning for Your Delivery Pipeline

Agile development and DevOps depend on an automated pipeline to build, test, and deploy code quickly. Security is all too often viewed as a manual task that is too difficult to automate and something to be left for later—not a good decision! Matt Grasberger says that, by leveraging automated security scans with open source scanners, you can reduce the risk of security vulnerabilities, get the most out of your pipeline, and increase software quality. Matt thoroughly explains and demonstrates several ways to implement automated security scans. Discover how to quickly test endpoints against SQL injection with sqlmap, an open source penetration test tool. Explore how you can identify common vulnerabilities with OWASP ZAP, an open source web application scanner with scripting capabilities. See how you can apply these free or low-cost tools to introduce baseline security scanning into your DevOps pipeline.

Matthew Grasberger
Coveros, Inc.

Matthew Grasberger is an associate consultant at Coveros with a specialty in DevOps engineering, test automation, and security automation. He works with clients to build and develop robust test automation suites that are integrated into DevOps pipelines based on industry-leading practices. In addition, Matt has leveraged open source security tools like OWASP ZAP to automate routine security scans, adding value in the form of software quality and application security.