Web Applications Automated Security Testing in a Continuous Delivery Pipeline

Fedir RYKHTIK
Workshop
Intermediate
DevOps
Room: Magallanes

Testing websites during the development, delivery and maintenance phases has become an important part of the website lifecycle and is a way to improve the overall quality of the project. Code quality and maintainability are increased by adopting testing strategies that stress unit tests, integration tests and acceptance tests throughout the project. But these tests rarely include security tests. Implementing security tests could improve the overall quality of a website and reduce the number of vulnerabilities in web applications and, consequently, the associated risks.

In this tutorial we will discover the most frequent vulnerabilities using a multitude of Kali Linux tools and “Drupalxploitable” (a purposefully vulnerable Drupal installation) virtual machines, with the objective of showing how to avoid the most common risks and how to develop more secure applications.

UPDATE (post-workshop): the slides can be found here: https://speakerdeck.com/fedir/ddd17-web-applications-automated-security…

An additional video of the Jenkins & OWASP ZAP configuration will be published ASAP.
