Bringing Security Testing to Development: How to Enable Developers to Act as Security Experts

By Achim D. Brucker, Dimitar Yanev, and Stephen Hookings.

Security testing is an important part of any security development life-cycle (SDLC) and, thus, should be a part of any software development life-cycle.

We will present SAP’s Security Testing Strategy that enables developers to find security vulnerabilities early by applying a variety of different security testing methods and tools. We explain the motivation behind it, how we enable global development teams to implement the strategy, across different SDLCs and report on our experiences.

Please cite this work as follows:
A. D. Brucker, D. Yanev, and S. Hookings, “Bringing security testing to development: How to enable developers to act as security experts,” presented at the OWASP AppSec EU conference, Amsterdam, The Netherlands, May 21, 2015. Author copy: https://logicalhacking.com/publications/talk-brucker.ea-owasp-sectest-2015/

BibTeX
@Unpublished{ talk:brucker.ea:owasp-sectest:2015,
  date              = {2015-05-21},
  title             = {Bringing Security Testing to Development: How to Enable
                       Developers to Act as Security Experts},
  author            = {Achim D. Brucker and Dimitar Yanev and Stephen Hookings},
  venue             = {Amsterdam, The Netherlands},
  eventtitle        = {OWASP AppSec EU conference},
  abstract          = {Security testing is an important part of any security
                       development life-cycle (SDLC) and, thus, should be a part of
                       any software development life-cycle.
                       
                       We will present SAP's Security Testing Strategy that enables
                       developers to find security vulnerabilities early by applying
                       a variety of different security testing methods and tools. We
                       explain the motivation behind it, how we enable global
                       development teams to implement the strategy, across different
                       SDLCs and report on our experiences.},
  slideshare        = {key/qj2fmkiI8btRss},
  video             = {https://www.youtube.com/watch?v=LZoz4cv0MAg},
  slideshare_width  = {476},
  slideshare_height = {400},
  note              = {Author copy: \url{https://logicalhacking.com/publications/talk-brucker.ea-owasp-sectest-2015/}},
  pdf               = {https://logicalhacking.com/publications/talk-brucker.ea-owasp-sectest-2015/talk-brucker.ea-owasp-sectest-2015.pdf},
}