DevoxxUA 2021. Andreas Falk. Shift-Left-Security with the Security Test Pyramid скачать в хорошем качестве

DevoxxUA 2021. Andreas Falk. Shift-Left-Security with the Security Test Pyramid

The talk from Devoxx Ukraine 2021 ONLINE Fb: www.facebook.com/DevoxxUkraine/ Website: www.devoxx.com.ua The test pyramid by Mike Cohn should be familiar to most developers and is often used in projects within test-driven development. But does your test pyramid also include verification of application security? In the context of agile development and continuous delivery, it is essential to continuously assess application security. Therefore, concrete security requirements must be specified in each sprint, so that these can be verified with corresponding tests. This is the only way to achieve an effective shift-left for security. In this talk, we will look at the test pyramid from a security perspective. Actually, a large part of the OWASP top 10 security categories can be covered by automated testing. This will be practically illustrated using live demos based on a Spring Boot Java application with automated tests for authentication, authorization, input validation, and SQL injection prevention, among others.