Security B-Sides London 2014

29th April 2014 (that’s a Tuesday)
Kensington and Chelsea Town Hall, Hornton Street, London, W8 7NX
Tuesday, April 29 • 2:00pm - 3:00pm
Continuous Security Testing in a Devops World



DevOps and Continuous Integration practices present unique challenges to security teams: for example, when should a penetration test be performed if new code is deployed to production hundreds of times per day? To match the speed of development, security teams need to rethink their approach to testing.

This talk will present the BDD-Security framework, which is designed to solve some of these challenges by providing security teams and developers with the tools to:
a) Specify the security requirements in a human-readable form
b) Make those same requirements executable tests that can be run against a target application
c) Record and test business logic vulnerabilities
d) Integrate these tests into continuous integration and continuous deployment environments so that security testing can be performed continuously and on demand.

The BDD-Security framework is not a web scanner. It is a testing framework built on JBehave, Selenium and OWASP ZAP that translates the world of security requirements into something that developers understand: executable tests, written in English.

The talk will include a live demonstration of configuring and running the BDD-Security framework to test a web application and will also show how to integrate it with the Jenkins CI server so that security tests are run after every new code commit.

Speakers

Stephen de Vries

Founder, CEO, Continuum Security SL
Stephen is the founder of Continuum Security and is focussed on building AppSec tools to support security in the SDLC, including the IriusRisk threat modeling tool and BDD-Security open source security testing framework.

His background is in software development and security testing of web and mobile applications. He has worked at Corsaire, KPMG and on the ISS/IBM X-Force team and contributed to the OWASP Java project, ASVS and the testing...


Tuesday April 29, 2014 2:00pm - 3:00pm
Small Hall The Town Hall, Hornton Street, London W8 7NX