

The times given in the GTD 2022 conference program are in Central European Time (CET).


Track+ consists of sponsor presentations and is therefore not subject to the Conference Board's quality assurance.

Please note that some workshops may have a limit on the number of participants. Further information can be found in the workshop descriptions.

Conference Program 2022

SAST / DAST / IAST / RASP putting DevSecOps on steroids - Four fists and a Hallelujah

Continuous security testing is increasingly becoming a key factor for success, especially if we consider that the development and release process is speeding up enormously. Just imagine that your potentially shippable product is going to production with a huge vulnerability or a back door open. The damage to your company and the resulting bad reputation would not even be measurable.
So how can we avoid this? How can we build security in? Let's leave the stone age behind and break down the security silo. In my talk I will show you how the four fists get implemented in your DevSecOps team and how they will improve your product's quality!

Target Audience: Testers, Developers, Product Owners, Decision Makers
Prerequisites: none
Level: Advanced

Extended Abstract:
Continuous security testing is increasingly becoming a key factor for success, especially if we consider that the development and release process is speeding up enormously. Just imagine that your potentially shippable product is going to production with a huge vulnerability or a back door open. The damage to your company and the resulting bad reputation would not even be measurable.
So how can we avoid this? How can we build security in? Let's leave the stone age behind, break down the security silo and implement DevSecOps.

During my talk, I will tell you where you can implement and improve security testing, what different kinds of functional and non-functional security testing methods are available, and what the low-hanging fruits are.
On a high level, I will explain SAST / DAST / IAST / RASP and how your team could implement these methods with examples. Then I will lift it to the next level and show how you can add security testing to your pipeline to get fast feedback to fix the vulnerabilities at a very early stage (shift left). By showing where to implement security tests in your software development lifecycle, I will explain where it makes sense to have security as a deep skill part of your team and go for DevSecOps!

After I have increased our transparency of security and shown you how to deal with 'the four fists', I will close my talk by presenting the 10 successful steps to DevSecOps.

Matthias Zax works as an Agile Engineering Coach at Raiffeisen Bank International AG (RBI). Originally trained as a software developer and a #developerByHeart, he has been working on software testing since 2018, with a focus on test automation in the DevOps environment, and organizes the RBI Testautomation Community of Practice.

Matthias Zax
11:00 - 11:45
Talk: Mi2.2
Topics: Security
