Most of you are probably familiar with Mike Cohn’s test pyramid and already practice test-driven development in your projects.
But does your test pyramid also include application security checks?
Continuous application security is becoming increasingly important, especially in agile development with continuous delivery. The still-common pattern of a single penetration test before going live no longer works; instead, security must be verified continuously, for every increment.
In this presentation, we look at the entire test pyramid from a security perspective and show how to raise the security level of an application by adding effective security tests at each layer of the pyramid. In this way, a significant portion of the OWASP Top 10 categories can be covered by automated tests. Live demos illustrate this with tests for authentication, authorization, input validation, and SQL injection, among others.
Talk language: English
Andreas Falk works for Novatec Consulting, located in Stuttgart, Germany, where he has worked on various projects as an architect, coach, and developer. His focus is the agile development of cloud-native Java applications. As a member of OWASP and the OpenID Foundation, he also engages with all aspects of application security.
18:00: Talk – The Security Testing Pyramid for Developers