Traditional security testing and secure development methodologies are generally considered incompatible with agile development. In this talk, Michael will outline some technologies for continual penetration testing and talk about more advanced techniques used to keep security and risk managed within an agile project.
This talk will cover the use of open source tools to demonstrate how continual penetration testing can be done, how easy it is to get started, and ideas for integrating into your build and deploy pipeline.
It will also cover the use of modelling techniques to help an agile team understand the security impacts of their decisions, and consider ways to document and automate these techniques to fit with an agile development methodology.
Michael Brunton-Spall is an independent security consultant. Previously, Michael was deputy director for technology and operations and head of cybersecurity at the UK Government Digital Service and held a number of jobs ranging from creating low-level embedded hardware to gaming development on consoles to scaling and operating the Guardian newspaper. He is a regular conference speaker, the author of Agile Application Security, and an enthusiastic Agilist and security geek.