BSidesIOWA 2015 Track1: Integrating Vuln Scanning into the SDLC by Eric Johnson

The Agile and DevOps software development lifecycles present interesting challenges for application security. How can security keep up with the rapid development cycles, constantly changing code base, and continuous deployment schedules? The answer lies with an automated security framework that is integrated into the development lifecycle. This presentation will demonstrate how to integrate a new application security testing framework into your build environment. Popular open-source vulnerability scanners, such as the Zed Attack Proxy (ZAP), will be leveraged to provide real-time feedback to development teams, allowing them to remediate vulnerabilities before they reach production.