26–28 October 2015
Amsterdam, The Netherlands

Building software securely with agile

Michael Brunton-Spall (Bruntonspall Ltd)
11:00–12:30 Wednesday, 28/10/2015
Location: D403
Average rating: 3.50 (2 ratings)

Materials or downloads needed in advance

A laptop that can run a Vagrant box will let you follow along with us, but it won't be necessary. It could just as easily be used after the tutorial to explore the concepts.


Traditional security testing and secure development methodologies are generally considered incompatible with agile development. In this talk, Michael will outline some technologies for continual penetration testing and talk about more advanced techniques used to keep security and risk managed within an agile project.

This talk will cover the use of open source tools to demonstrate how continual penetration testing can be done, how easy it is to get started, and ideas for integrating into your build and deploy pipeline.

It will also cover the use of modelling techniques to help an agile team understand the security impacts of their decisions, and consider ways to document and automate these techniques to fit with an agile development methodology.

Michael Brunton-Spall

Bruntonspall Ltd

Michael Brunton-Spall is an independent security consultant. Previously, Michael was deputy director for technology and operations and head of cybersecurity at the UK Government Digital Service and held a number of jobs ranging from creating low-level embedded hardware to gaming development on consoles to scaling and operating the Guardian newspaper. He is a regular conference speaker, the author of Agile Application Security, and an enthusiastic Agilist and security geek.

Comments on this page are now closed.


8/11/2015 23:05 CET

This session gave me some guidelines on how to test (security) baselines in agile software production. Thanks.