Security breaches are becoming more and more commonplace in today’s world. One time security reviews just prior to release and static code analysis don’t catch all critical vulnerabilities. Capturing them on a continuous basis as code is written is a better approach. In this talk, Wendy focuses on incorporating tools to automate enforcing security concerns into Agile software processes.
Worldwide, from government to retail, banking to healthcare, hacks and data breaches are becoming household names. Yet software teams often ignore many security concerns as they work towards their various delivery deadlines, handling only those that are easy to incorporate. And teams generally rely on manual processes to ensure that even these steps are followed.
Today, Agile is more than a buzzword; it’s the new norm. Its adoption is widespread and there are conferences and books dedicated to the practice. It’s known for bringing testing into focus as something that should be done throughout the delivery process instead of just at the end.
Taking the same approach for security is a logical next step in advancing our craft. By including various security checks in our Continuous Delivery practices we can ensure that we are thinking about building secure applications from the start rather than waiting until the end, doing some ad hoc testing, and praying that we are not the headline of the next large breach.
This talk goes through a few options, using examples for multiple programming languages including C#, Java, and Ruby and highlighting how running them regular could thwart various security threats.