Adding DAST to CI/CD, Without Losing Any Friends

Recordings

https://www.youtube.com/watch?v=rF4LM63a_4s

Abstract

Everyone wants to put tests into the release pipeline, but no one wants to wait hours for them to finish.
In this talk we will discuss multiple options for adding dynamic application security testing (DAST) to your CI/CD, in ways that won’t compromise speed or results, such as limiting scope, using HAR files, using test subsets, etc.
We will also cover several other options for automation of finding vulnerabilities in your web apps and APIs, all at the speed of DevOps.

Tanya Janca

@shehackspurple

Tanya Janca, also known as SheHacksPurple, is the best-selling author of ‘Alice and Bob Learn Application Security’. She is also the founder of We Hack Purple, an online learning academy, community and podcast that revolves around teaching everyone to create secure software. Tanya has been coding and working in IT for over twenty years, has won countless awards, and has been everywhere from startups to public service to tech giants (Microsoft, Adobe, & Nokia). She has worn many hats: startup founder, pentester, CISO, AppSec Engineer, and software developer. She is an award-winning public speaker, active blogger & streamer and has delivered hundreds of talks and trainings on 6 continents. She values diversity, inclusion, and kindness, which shines through in her countless initiatives.