STARWEST 2019 - Security Testing
Wednesday, October 2
Continuous Application Security Testing
PreviewBecause of its specialized nature, many aspects of application security testing are often assigned to testers from another team or another company, and they may be brought in to perform a point-in-time assessment prior to a release. Your team is interested in implementing continuous deployment, and automation seems like the obvious answer. But when attempting to automate your security tests, you may run into a wide variety of challenges beyond simply adding a tool into your build system. Josh Gibbs will discuss how to choose what to test, how to avoid slow tests, how to keep...
Thursday, October 3
Large-Scale DevSecOps: Bringing Security Confidence to Chaotic Development
PreviewImplementing application security (AppSec) programs on a large scale can often seem chaotic and unwieldy. Without the proper knowledge to implement robust AppSec tools, DevSecOps on a large scale can be overwhelming. And with the countless number of customizable build, task-tracking, and CI integration systems available, many companies don’t know where to begin implementation of DevSecOps. Join Dennis Hurst as he shares the knowledge necessary to wield powerful AppSec tools based on his experience with a variety of large corporate clients. Dennis will discuss common pitfalls and...
Connected Cybersecurity: Stories from the IoT Hall of Shame
PreviewThe amount of IoT software in everyday things is growing at an alarming rate. Some cars now have over 100 million lines of code. Software exists in everything from our home security systems and thermostats, our televisions and phones, our children’s toys, and our cars to the systems we rely on every day but don’t think about, like our water supply, electricity, and power plants. Unfortunately, the amount of security testing being done on these devices is not growing at the same rate, as evidenced in the so-called IoT Hall of Shame, which keeps a running account of IoT...