
By Achim D. Brucker, Dimitar Yanev, and Stephen Hookings.
Security testing is an important part of any security development life-cycle (SDLC) and, thus, should be a part of any software development life-cycle.
We will present SAP’s Security Testing Strategy, which enables developers to find security vulnerabilities early by applying a variety of different security testing methods and tools. We explain the motivation behind it and how we enable global development teams to implement the strategy across different SDLCs, and we report on our experiences.
Please cite this work as follows: A. D. Brucker, D. Yanev, and S. Hookings, “Bringing security testing to development: How to enable developers to act as security experts,” presented at the OWASP AppSec EU conference, Amsterdam, The Netherlands, May 21, 2015. Author copy: https://logicalhacking.com/publications/talk-brucker.ea-owasp-sectest-2015/
@Unpublished{ talk:brucker.ea:owasp-sectest:2015,
date = {2015-05-21},
title = {Bringing Security Testing to Development: How to Enable
Developers to Act as Security Experts},
author = {Achim D. Brucker and Dimitar Yanev and Stephen Hookings},
venue = {Amsterdam, The Netherlands},
eventtitle = {OWASP AppSec EU conference},
abstract = {Security testing is an important part of any security
development life-cycle (SDLC) and, thus, should be a part of
any software development life-cycle.
We will present SAP's Security Testing Strategy that enables
developers to find security vulnerabilities early by applying
a variety of different security testing methods and tools. We
explain the motivation behind it, how we enable global
development teams to implement the strategy, across different
SDLCs and report on our experiences.},
slideshare = {key/qj2fmkiI8btRss},
video = {https://www.youtube.com/watch?v=LZoz4cv0MAg},
slideshare_width = {476},
slideshare_height = {400},
note = {Author copy: \url{https://logicalhacking.com/publications/talk-brucker.ea-owasp-sectest-2015/}},
pdf = {https://logicalhacking.com/publications/talk-brucker.ea-owasp-sectest-2015/talk-brucker.ea-owasp-sectest-2015.pdf},
}