DevOps World | Jenkins World 2019 Lisbon has ended
Wednesday, December 4 • 16:15 - 17:00
Integrating Security Scanning in a CI/CD Pipeline


In this talk, we will discuss the process of integrating Dynamic Application Security Testing (DAST) into a CI/CD pipeline. We will focus on web application security, but the examples can be generalized to other application security domains. Integrating dynamic security scans into a CI/CD pipeline poses unique challenges that are usually of little concern for more traditional types of testing, such as unit and integration tests. One such challenge is scan time: a dynamic scan, without proper care, can take an unacceptable amount of time and stall the pipeline. We therefore had to devise several strategies to balance total scanning time against the thoroughness of the scan. We will propose some strategies, discuss their strengths and weaknesses, and give practical examples using a Jenkins plugin we built to enable DAST scans.
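The abstract describes the core trade-off (a dynamic scan must not stall the pipeline, yet should still be thorough) without showing a pipeline. The declarative Jenkinsfile below is an added illustration of one common way to strike that balance, not code from the talk or from the Probely plugin it mentions: a short, time-boxed passive scan gates every build, while the expensive active scan is confined to nightly timer builds of the main branch. It uses the OWASP ZAP packaged scan scripts (`zap-baseline.py`, `zap-full-scan.py`) from the `owasp/zap2docker-stable` image as a stand-in scanner; the target URL, the `./ci/deploy-to-test.sh` deploy script, Docker on the agent, and host networking to reach the test environment are all assumptions for the example.

```groovy
pipeline {
    agent any

    triggers {
        // Nightly timer build; only these builds run the slow full (active) scan, see the 'when' below.
        cron('H 2 * * *')
    }

    environment {
        // Assumption: earlier stages deploy the application to a disposable test environment at this URL.
        TARGET_URL = 'http://app.test.internal:8080'
        ZAP_IMAGE  = 'owasp/zap2docker-stable'
    }

    stages {
        stage('Build and deploy to test') {
            steps {
                // Assumed project script; replace with the real build and deploy steps.
                sh './ci/deploy-to-test.sh'
            }
        }

        stage('DAST quick scan') {
            // Runs on every build: spider for at most 2 minutes, passive scan only,
            // ZAP's own budget 8 minutes, and a hard Jenkins cap of 10 minutes so the
            // stage can never hang the pipeline.
            steps {
                timeout(time: 10, unit: 'MINUTES') {
                    script {
                        int rc = sh(returnStatus: true, script: '''
                            docker run --rm --network host -v "$WORKSPACE:/zap/wrk:rw" "$ZAP_IMAGE" \\
                                zap-baseline.py -t "$TARGET_URL" -m 2 -T 8 -I -J zap-quick.json -r zap-quick.html
                        ''')
                        // zap-baseline.py exit codes: 0 pass, 1 FAIL-level alert,
                        // 2 WARN-level alert (suppressed here by -I), 3 scanner error.
                        if (rc == 1) {
                            error 'Quick DAST scan found FAIL-level alerts'
                        } else if (rc == 3) {
                            // A scanner problem is not an application finding: mark the build
                            // unstable instead of blocking the merge on a tooling failure.
                            unstable 'ZAP could not complete the quick scan (exit code 3)'
                        }
                    }
                }
            }
            post {
                always { archiveArtifacts artifacts: 'zap-quick.*', allowEmptyArchive: true }
            }
        }

        stage('DAST full scan') {
            // The active scan is the expensive part: run it only for nightly timer builds
            // of main, so pull-request pipelines never wait on it.
            when {
                allOf {
                    branch 'main'
                    triggeredBy 'TimerTrigger'
                }
            }
            steps {
                timeout(time: 90, unit: 'MINUTES') {
                    sh '''
                        docker run --rm --network host -v "$WORKSPACE:/zap/wrk:rw" "$ZAP_IMAGE" \\
                            zap-full-scan.py -t "$TARGET_URL" -m 10 -T 80 -I -J zap-full.json -r zap-full.html
                    '''
                }
            }
            post {
                always { archiveArtifacts artifacts: 'zap-full.*', allowEmptyArchive: true }
            }
        }
    }
}
```

The two time limits are deliberate: ZAP's `-T` budget lets the scanner stop cleanly and still write its report, while the outer `timeout` is the guarantee that a wedged scanner cannot hold the executor indefinitely. Only FAIL-level alerts break the quick stage (`-I` keeps warnings out of the exit code), so the per-build gate stays fast and low-noise, and the nightly scan provides the thoroughness the quick one gives up.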


João Poupino

Security Engineer, Probely
João Poupino is currently working on web application security at Probely. He has a special interest in security and cryptography, but has held many different roles in his career, ranging from system administrator to developer to security consultant. João has worked on cool projects...

Wednesday December 4, 2019 16:15 - 17:00 PST
Auditorium VI