We can see a trend toward integrating security tooling into CI/CD pipelines. However, security tooling alone will not cover your entire attack surface, because the tooling can never understand the full context of the application's functions and logic. On the other hand, resources for manual verification are often scarce and expensive. Where do we find the right balance between security test automation and manual verification? Even more importantly, how do we train developers to understand the metrics and make security part of their process and culture?
The OWASP Security Knowledge Framework (SKF) introduced a new interactive learning platform to teach you everything you need to know about secure software development! SKF helps you deploy sandboxed learning environments on the fly, where you find all the tools you need to get yourself going. Use the OWASP SKF to train yourself or your entire team to exploit and mitigate web application vulnerabilities.
As a coder, hacker, speaker, trainer, and security researcher employed at ING Bank in Belgium as the Security Manager, Glenn has over 15 years of experience in the field of security. He is one of the founders of defensive development def[dev]eu - a security training series dedicated to helping you build and maintain secure software - and has also spoken at multiple other security conferences around the world. His goal is to create an open-source software development life cycle with the tools and knowledge gathered over the years.