Track Talk Th13

A Practical Approach to Continuous Application Security Testing

Leela Putten

15:30-16:15 CEST Thursday 9th June

Application Security Testing has been gaining a lot of momentum with the popularity of DevSecOps. It’s also a testing discipline that is often seen as highly technical and expensive. With the growing need to understand how to approach and implement continuous application security checks, I would like to share my insights and practical steps on this subject.

For the past 12 years of my career in software testing, I have been on a mission to get the testing team to shift application security testing left, and have simplified the complexity behind this discipline to make it less scary, more practical, and more exciting. Many IT Security teams in South Africa have bought into my concept of sharing responsibilities on certain control checks, and the testing team played a valuable role in ensuring that we run regression security checks on every release – both on the functional and non-functional security testing side. It starts by leveraging basic OWASP foundational concepts, freely accessible to most users, to further help them map their roadmap to a secure application landscape.

In this talk, I will cover the WHY, WHAT, WHEN, WHERE and HOW of Application Security Testing. We will also look at the importance of evolving our security mindset and how to adapt our approach to our current needs. We will cover some practical use cases in the financial sector and telecommunication sector, and what was delivered. We will end the talk with a look at the security of the future.