Writing good code is a challenge. Writing a code that is working, maintainable and secure is very hard to achieve. This is why we need automation – to spot the issues we missed. Tools like unit tests, code coverage or security tests can help detect various issues and help us write better code. This talk will focus on security tests – what kinds of tests exist? What value they have? And most important, what tools what can use to start running these tests today? > The talk will contain a live (and hopefully interactive) demo of the tools, to demo what issues they can detect. All the tools that I’ll discuss are free OSS software that you can start using today.

1. Secure Your Pipeline
Omer Levi Hevroni
@omerlh
@SolutoEng

2. @omerlh
Wr i t i n g S e c u re C o d e i s H a rd

3. @omerlh
A l l i s G o o d
Yo u C a n P u b l i s h

4. I’m a builder
@omerlh

5. AppSec @
@omerlh

6. I OWASP
• Zap contributor
• Proud member
• Glue project leader
@omerlh

7. @omerlh
What Security Tests do We Need?

8. @omerlhhttps://wp.me/pakmvi-3g

9. @omerlh
Wait, What About the Pipeline?

10. Wra p p i n g U p
@omerlhhttp://www.viralgoal.com/wrap-adorable-cat-blanket-named-purritos/
Test Type Tool Name
Static Analysis NodeJSScan
Dynamy Analysis OWASP Zap
Packages NPM audit/Snyk
https://wp.me/pakmvi-3g

11. Q u e st i o n s ?
@omerlhhttp://www.applestory.biz/hermione-hand-raise-gif.html

12. @omerlh
Feedback is much appreciated!

13. @omerlh
Wr i t i n g S e c u re C o d e i s H a rd

14. @omerlh
https://wp.me/pakmvi-3g

15. Thank You
Omer Levi Hevroni
December 2018
@omerlh
https://www.solutotlv.com