Treffen Sie uns auf einer Konferenz!

Verschaffen Sie sich einen Überblick, auf welchen Events unsere codecentric-Kollegen als Referenten vertreten sind. Wir würden uns freuen, Sie auf einer Konferenz persönlich begrüßen zu dürfen.

(Automated) Security Testing in a DevOps world



A successful DevOps culture should value the topic security as a self-evident aspect of a holistic software development life cycle. Just as we’ve learned that topics such as testing, operations or design are best tackled in a cross functional team as a part of an integrated development process, we now must understand, that an over-the-shoulder approach regarding security doesn’t work in times of continuous delivery and continuous deployment.

We will be showing how to integrate static analysis, as well as dynamic application security testing into a Java build pipeline, using open source tools like OWASP Dependency Check, OWASP ZAP, FindBugs, Docker, Testcontainers and Gitlab. There will be no silver bullets presented in this talk, but we will find out why we should care about security in our applications and what challenges are still lying ahead of us.

Kevin WittekKevin Wittek