Introducing Security Testing to Developers: Experiences and Lessons Learned

by Achim D. Brucker

It is commonly accepted that security testing should be applied as early as possible in the software development life-cycle. This requires selecting application security testing tools that are easy to use for developers and, thus, developers should participate in the selection and roll-out of such tools. In this talk, I will provide an overview of what one can expect from (commercial) application security testing tools and report on my experience of introducing them in a large development organisation (over 25000 developers) that uses a wide range of development methodologies, ranging from small teams with multiple shipments per day to large organisations following a traditional model with quarterly or yearly releases.


Please cite this article as follows:
Achim D. Brucker. Introducing Security Testing to Developers: Experiences and Lessons Learned. Checkmarx Security Conference, Tokyo, Japan, 1 December 2017.

BibTeX
@Talk{ talk:brucker.ea:cx-security-testing:2017,
abstract = {It is commonly accepted that security testing should be applied as early as possible in the software development life-cycle. This requires selecting application security testing tools that are easy to use for developers and, thus, developers should participate in the selection and roll-out of such tools. In this talk, I will provide an overview of what one can expect from (commercial) application security testing tools and report on my experience of introducing them in a large development organisation (over 25000 developers) that uses a wide range of development methodologies, ranging from small teams with multiple shipments per day to large organisations following a traditional model with quarterly or yearly releases.},
author = {Achim D. Brucker},
day = {1},
event = {Checkmarx Security Conference},
handout = {https://www.brucker.ch/bibliography/download/2017/talk-brucker-cx-security-testing-2017-2x2.pdf},
isodate = {2017-12-01},
lecturer = {Achim D. Brucker},
location = {Tokyo, Japan},
month = {dec},
slides = {https://www.brucker.ch/bibliography/download/2017/talk-brucker-cx-security-testing-2017.pdf},
title = {Introducing Security Testing to Developers: Experiences and Lessons Learned},
url = {https://www.brucker.ch/bibliography/abstract/talk-brucker.ea-cx-security-testing-2017},
year = {2017},
}