This event has ended

OWASP Helsinki chapter meeting #24

OWASP Helsinki

Tuesday, March 25, 2014 from 5:00 PM to 7:30 PM (EET)

Event Details

The next OWASP chapter meeting will be held on March 25th. The theme of this event is security testing in DevOps.

Location: F-Secure, Tammasaarenkatu 7, Ruoholahti, Helsinki. Parking space is limited, public transport is strongly recommended. Ruoholahti station for metro, Länsisatamankatu stop for tram 8, Länsiväylä stop for buses from Espoo.

Agenda:
17:00 Coffee and registration
17:20 Welcome /Petteri Arola, OWASP
17:30 Enhancing security through tight collaboration and automation /Kalle Hallivuori
18:00 Continuous Security Testing in a Devops World /Stephen de Vries
19:00 Demo of Burp Suite & HTTP API fuzzing automation with Python & Behave /Antti Vähä-Sipilä
19:30 Time to go to the pub (Amsterdam) and continue the discussion there

This event is open and free for all.

Please register by Friday March 21st.

 

Abstract: Continuous Security Testing in a Devops World

Devops and Continuous Integration practices present unique challenges to security testing. While functional testing is largely automated, in-depth application security testing is still largely a manual affair. Application security scanning can readily be automated, but relying only on "scanning" can provide a skewed and superficial security view of the application.

This talk will present the BDD-Security framework, which is designed to address the challenge of scriptable and repeatable application security testing. The framework allows developers and security teams to:
a) Specify the security requirements in a human-readable form up front
b) Make those same requirements executable tests that can be run against a target application
c) Record and test business logic vulnerabilities
d) Integrate these tests into continuous integration and continuous deployment environments so that security testing can be performed continuously and on demand
e) Get started with a pre-written baseline of security tests that can mostly run unedited on the majority of web applications

The BDD-Security framework is a testing framework built on JBehave, Selenium and OWASP ZAP that translates the world of security requirements into something that developers understand: executable tests, written in a natural language.

The talk will include a live demonstration of configuring and running the BDD-Security framework to test a web application and will also show how to integrate it with the Jenkins CI server so that security tests are run after every new code commit.


Organizer

OWASP Helsinki

  • OWASP: https://www.owasp.org
  • OWASP Helsinki: https://www.owasp.org/index.php/Helsinki
  • petteri.arola(at)owasp.org