STAREAST 2021 Tutorial: Application Security Tools for Continuous Testing

Conference archive

Monday, April 26, 2021 - 2:00pm to 5:30pm

Application Security Tools for Continuous Testing

There are lots of tools out there to support security testing activities. You’ve probably seen some of the acronyms used to describe them when looking at marketing material or reading about application security - SAST, DAST, IAST, RASP, etc. But the question is always which tools to use where within your testing process. This is particularly important in a DevOps model where continuous testing is used to continuously validate code as it changes. Selecting the wrong tools or using them at the wrong place can impact your delivery process significantly. In this tutorial, Jeffery Payne discusses the various types of security tools available and how they are typically used within a rigorous continuous testing process. Key types of security testing are explained with a focus on where to apply what tooling. Demonstrations are given of various open-source and commercial tools to show how they work and what the pros and cons of each type of security testing is. Learn all about security testing tools during this tutorial. Take home valuable information on what tools fit where in a continuous testing process.

Jeff Payne

Jeffery Payne is CEO and founder of Coveros, Inc., a consulting company that helps organizations accelerate delivery using agile methods. Since its inception in 2008, Coveros has become a market leader in agile and DevOps engineering while being recognized by Inc. Magazine as one of the fastest growing private companies in the country. Prior to founding Coveros, Jeffery was Chairman of the Board, CEO, and co-founder of Cigital, Inc., a market leader in software security consulting. Mr. Payne has published over 30 papers on software development and testing as well as testified before Congress on issues of national importance, including intellectual property rights, cyber-terrorism, and software quality.