Security Testing Automation: I Like to Push the Red Button
Presenter: Miguel Hernandez Ruiz
Security is becoming more and more important as time passes. Incidents causing millions in losses are reported all over the internet every single day. However, the market is pushing development to be faster and faster and shortening delivery times. Continuous delivery environments require security testing to respond by aligning with the time to market.
There is a huge, current and difficult challenge in front of us: producing software that is secure by default in fast development methodologies.
This paper introduces the challenges we face in embedding security in the development lifecycle. How we face those challenges is the thin line separating success from failure.
When something becomes a periodic task, it is worth analysing whether it can be automated. This talk will give you a starting point to dig into and answer the question: should I automate security testing? If so, how?
A Security Automation Maturity Model is presented, covering the most likely scenarios for the current state of security automation in a company. Some of those scenarios are assessed in depth, and communication flows are introduced in the core part of the presentation. Different solutions are offered at this point of the paper.
At the end, a list of available tools for the previously presented scenarios is shown, along with a demo of a working implementation. Finally, the conclusions of the paper are presented.
Miguel Hernandez Ruiz
Miguel A. Hernandez Ruiz works as a Senior Security Engineer for IBM Watson Health. As part of the Security Engineering Team, he is pushing security testing to align with the continuous delivery approach. He has been working in the security field for more than 11 years. During that time, he has worked as a Consultant, Analyst and Penetration Tester. Although these positions are closely linked, each offers a different view of security, and the views complement each other. This allowed Miguel to develop a broad, cross-cutting view of application security. During the last 5 years he has been working in Security Testing, trying to improve the existing approaches and adapting the testing to meet different business requirements. Some of the companies he has worked for are: AXA Mediterranean and Latin American coordination, Gaz de France Suez, European Union Property Office, and in the last two years, IBM. Miguel is an IT Engineer and holds two Master's degrees and 7 professional certifications. Among them are the widely recognized Offensive Security Certified Professional (OSCP), Certified in Ethical Hacking (CEH), Certified Information Systems Auditor (CISA) and Certified Information Security Manager (CISM). Improvement is always in Miguel's DNA.
© Test Masters Academy 2018