We can see the trend of integrating security tooling into CI/CD pipelines. However, security tooling alone will not cover your entire attack surface, because the tooling can never understand the full context of the application's functions and logic. On the other hand, resources for manual verification are often scarce and expensive. Where do we find the right balance between security test automation and manual verification? Even more importantly, how do we train developers to understand the metrics and make security part of their process and culture?
The OWASP Security Knowledge Framework (SKF) introduced a new interactive learning platform to teach you everything you need to know about secure software development! SKF helps you deploy sandboxed learning environments on the fly, where you find all the tools you need to get yourself going. Use the OWASP SKF to train yourself or your entire team to exploit and mitigate web application vulnerabilities.
As a penetration tester from the Netherlands, Riccardo ten Cate specializes in application security and has extensive knowledge of securing applications in multiple coding languages. Riccardo has many years of experience in training and guiding development teams to become more mature and make their applications secure by design.