Introducing Security Testing to Developers: Experiences and Lessons Learned

Achim D. Brucker

It is commonly accepted that security testing should be applied as early as possible in the software development life-cycle. This requires selecting application security testing tools that are easy to use for developers and, thus, developers should participate in the selection and roll-out of such tools. In this talk, I will provide an overview of what one can expect from (commercial) application security testing tools and report on my experience in introducing them in a large development organisation (over 25000 developers) that uses a wide range of development methodologies ranging from smaller teams with multiple shipments per day to large organisations following a traditional model with quarterly or yearly releases.


Please cite this article as follows:
Achim D. Brucker. Introducing Security Testing to Developers: Experiences and Lessons Learned. Checkmarx Security Conference, 1 Dec. 2017.

@Talk{ talk:brucker.ea:cx-security-testing:2017,
abstract = {It is commonly accepted that security testing should be applied as early as possible in the software development life-cycle. This requires selecting application security testing tools that are easy to use for developers and, thus, developers should participate in the selection and roll-out of such tools. In this talk, I will provide an overview of what one can expect from (commercial) application security testing tools and report on my experience in introducing them in a large development organisation (over 25000 developers) that uses a wide range of development methodologies ranging from smaller teams with multiple shipments per day to large organisations following a traditional model with quarterly or yearly releases.},
author = {Achim D. Brucker},
day = {1},
event = {Checkmarx Security Conference},
handout = {},
isodate = {2017-12-01},
lecturer = {Achim D. Brucker},
location = {Tokyo, Japan},
month = {dec},
slides = {},
title = {Introducing Security Testing to Developers: Experiences and Lessons Learned},
url = {},
year = {2017},