Secure Your Pipeline


Writing good code is a challenge. Writing code that works and is also maintainable and secure is very hard to achieve. This is why we need automation – to spot the issues we missed. Tools like unit tests, code coverage or security tests can help detect various issues and help us write better code. This talk will focus on security tests – what kinds of tests exist? What value do they have? And most important, what tools can we use to start running these tests today?

> The talk will contain a live (and hopefully interactive) demo of the tools, to demo what issues they can detect. All the tools that I’ll discuss are free OSS software that you can start using today.

Published in: Engineering
Secure Your Pipeline

  1. Secure Your Pipeline Omer Levi Hevroni @omerlh @SolutoEng
  2. @omerlh Writing Secure Code is Hard
  3. @omerlh All is Good You Can Publish
  4. I’m a builder @omerlh
  5. AppSec @ @omerlh
  6. I OWASP • Zap contributor • Proud member • Glue project leader @omerlh
  7. @omerlh What Security Tests do We Need?
  8. @omerlh
  9. @omerlh Wait, What About the Pipeline?
  10. Wrapping Up @omerlh

      | Test Type | Tool Name |
      | --- | --- |
      | Static Analysis | NodeJSScan |
      | Dynamic Analysis | OWASP Zap |
      | Packages | NPM audit/Snyk |

  11. Questions? @omerlh
  12. @omerlh Feedback is much appreciated!
  13. @omerlh Writing Secure Code is Hard
  14. @omerlh
  15. Thank You Omer Levi Hevroni December 2018 @omerlh