Panel Discussion: Application Security Testing


FAQ

Application security testing is the process of making applications more secure by identifying and fixing security vulnerabilities.

The panelists were Scott Gerlach, Sam, Liran Tal, and Bar.

DevSecOps is the integration of security into the DevOps pipeline, ensuring that security is a shared responsibility across development and operations teams.

Automation is crucial in DevSecOps because it helps integrate security into the development pipeline seamlessly, allowing for faster and more secure software delivery.

Common pain points include technical challenges, such as compatibility with different frameworks, and cultural challenges, such as resistance from developers to adopt new security practices.

The panelists recommended several OWASP projects including OWASP ZAP, OWASP Dependency-Check, OWASP Threat Dragon, and OWASP Cornucopia.

Security testing can become less of a burden by using developer-focused tools and integrating security into the development process in a way that is seamless and understandable for developers.

Scott Gerlach is the CSO and Co-founder at StackHawk, Sam is an independent application security consultant, Liran Tal is a developer advocate at Snyk, and Bar is the CTO and co-founder of Neuralegion.

Culture is essential in DevSecOps as it promotes the idea that security is everyone's responsibility, ensuring that security practices are integrated into the development and operations processes.

OWASP (Open Web Application Security Project) is an organization that provides free and open resources focused on improving the security of software. It is related to application security through its various projects and tools that help identify and mitigate security vulnerabilities.

Scott Gerlach
Vandana Verma
Liran Tal
Sam Stepanyan
30 min
15 Jun, 2021


Video Summary and Transcription

The panel discussion on application security testing covered various perspectives on DevSecOps, emphasizing the importance of shifting security left and the role of automation. Collaboration between developers and security teams was highlighted, as well as the need for developer-friendly security tooling. Pain points in integrating security testing early in the pipeline were discussed, including technical and cultural challenges. Open source project recommendations for building a secure pipeline were also provided.

1. Introduction to Panel Discussion

Short description:

Thank you for joining us today at the panel discussion on application security testing. We have some amazing guests as panelists. Let me introduce myself. I work for a multinational company and also contribute to pro bono work and diversity initiatives.

So, hi everyone. Thank you for joining us today at the panel discussion on application security testing. As we mentioned, application security testing is one of the very important topics, so stay tuned. We have some really amazing guests with us as the panelists, and I'm going to request all the panelists to introduce themselves one by one. Before that, let me introduce myself. My day job is with one of the multinational companies. Apart from that, in my free time I do pro bono work: I am one of the global Board of Directors for OWASP, and I also run some diversity initiatives with InfoSec Girls, InfoSec Kids, and some other initiatives.

2. Introduction of Panelists

Short description:

Now I'll introduce our panelists. Scott Gerlach, CSO and Co-founder at StackHawk, will share briefly. Sam, an independent application security consultant, will also speak. Liran, a developer advocate at Snyk, and Bar, the CTO and co-founder of Neuralegion, will join the discussion on application security testing.

Now I'll head on to our panelists, where I'll ask them to share a few words about themselves so that the audience can get to know them. I will start off with Scott. Scott, over to you.

Awesome. Thanks, Vandana. I'm Scott Gerlach, CSO and Co-founder at StackHawk, which is a developer-focused, dynamic application security tool. I'm going to keep mine a little short because I know we're kind of tight on time and I want to get to this really great content. Thank you. Sam, over to you.

Hi, I'm Sam, and I'm an independent application security consultant by day. In my spare time, just like you, I do pro bono work and volunteer for OWASP. I'm an OWASP London chapter leader and I also lead a couple of OWASP projects as well. That's it for me. Thank you. Over to you, Liran.

Hey, everyone. My name is Liran. I'm a developer advocate at Snyk, where we help developers build open source in a secure way. That's it. Over to you, Bar.

Hi everyone. I'm Bar. I'm a security researcher, hacker, developer, and software architect. I'm the CTO and co-founder of Neuralegion. We're doing zero false positive application security testing for developers. Great to be here. Thank you.

Thank you. And we are glad to have you all here with us. Now I will head straight to the panel discussion, and we will start the discussion around application security testing.