Security Testing Automation for Developers on Every Build


As a developer, you need to deliver fast, and you simply don't have the time to constantly think about security. Still, if something goes wrong, it's your job to fix it. Security testing blocks your automation, creates bottlenecks and delays releases, especially with GraphQL. But it doesn't have to.

NeuraLegion's developer-first Dynamic Application Security Testing (DAST) scanner enables developers to detect, prioritise and remediate security issues EARLY, on every commit, with NO false positives / alerts, without slowing you down.

Join this workshop to learn different ways developers can access NeuraLegion's DAST scanner & start scanning without leaving the terminal!

We will go through the setup end to end: setting up a pipeline for a vulnerable GraphQL target, running security tests and looking at the results.

Table of contents:
- What developer-first DAST (Dynamic Application Security Testing) actually is and how it works
- See where and how a modern, accurate dev-first DAST fits in the CI/CD
- Integrate NeuraLegion's scanner with GitHub Actions
- Understand how modern applications, GraphQL and other APIs and authentication mechanisms can be tested
- Fork a repo, set up a pipeline, run security tests and look at the results

This workshop was presented at GraphQL Galaxy 2021.

FAQ

The main focus of the workshop is on security testing automation for developers with a specific emphasis on GraphQL, aiming to integrate security testing into every build process.

The key speakers at the workshop are Olly Moradov, the VP at NeuraLegion, and Bar Hofesh, the CTO and cofounder of NeuraLegion.

Participants can ask questions by putting them in the chat during the workshop or on the dedicated Discord channel for GraphQL Galaxy. The team will monitor both platforms to address queries.

The NeuraLegion platform is a developer-focused Dynamic Application Security Testing (DAST) tool designed to scan web apps, APIs (REST, SOAP, GraphQL), and server-side mobile applications, integrating security testing directly into the developers' workflow.

NeuraLegion's technology focuses on no false positives, providing clear, actionable results with remediation guidelines. This is achieved by automatically validating each detected vulnerability, ensuring the results are reliable and trustworthy.

NeuraLegion's DAST tool can test web applications, APIs (including REST, SOAP, and GraphQL), server-side mobile applications, and their corresponding APIs, supporting a broad range of application architectures.

Key benefits include the ability to integrate DAST into the CI/CD pipeline, support for multiple authentication mechanisms, scan optimizations for efficient testing, and a strong focus on reducing false positives to streamline security workflows.

To sign up and start using NeuraLegion, go to app.neuralegion.com/sign_up and create a free account. You can then follow the onboarding process to set up your environment and begin security testing.

Oliver Moradov
Bar Hofesh
82 min
14 Dec, 2021


Video Summary and Transcription

This workshop focuses on security testing automation for developers, with a specific emphasis on GraphQL. NeuraLegion offers a comprehensive security testing solution for developers, supporting various types of applications and providing actionable results with remediation guidelines. The tool integrates seamlessly into CI/CD pipelines and prioritizes accuracy by minimizing false positives. Support and assistance are available 24/7, and the tool provides detailed information about findings and multiple ways to copy requests for debugging. Overall, the workshop highlights the importance of putting security testing into the hands of developers and offers practical solutions to integrate security into the development process.

1. Introduction to Security Testing Automation

Short description:

Thank you for joining this workshop on security testing automation for developers. Today, we will have a specific focus on GraphQL. We will start with a brief introduction and then jump into a hands-on technical workshop. Feel free to ask questions in the chat or on our Discord.

So, thank you to those for joining this workshop on security testing automation for developers on every build. And, obviously, with this being GraphQL Galaxy, we're gonna have a specific focus on GraphQL. But I suppose for the purpose of those of us who are already using GraphQL using JavaScript, we're going to focus specifically on GraphQL as a tool for searching, but for the purpose of this introduction that I'll start off with.

And I will actually go through an agenda, so let's perhaps not ruin that. But my name's Olly Moradov, VP here at NeuraLegion. And we're joined today by Bar Hofesh, who you can see, who's our CTO and cofounder. So, I don't know if you want to say hello, Bar, but… Hi, everyone. There you go, so you can differentiate our voices at the very least.

So, what are we going to be looking at today? So, we're going to do a very, very brief intro. What we want to do is get very hands-on, we want to get technical, we want to jump straight into this hands-on technical workshop with you. But, let's just set the scene at the very least. I'll give a very, very brief intro into why security testing is important, what is dev-first DAST, and the NeuraLegion platform, and then we'll just jump straight into the hands-on workshop. So, if you do have any questions, by the way, do please feel free to put them either in the chat, or one thing that I will be keeping an eye on more is going to be our Discord.
