(Automated) Security Testing in a DevOps world

Have something interesting to share with Java Eastern Europe community?

Become a speaker now

Kevin Wittek

Kevin Wittek

Software Engineer at Codecentric, Germany

Testcontainers co-maintainer and Testcontainers-Spock author. Software Craftsman and testing fan. Loves to play the electric guitar and is a musician in his second life. Found his own company during his university years, developing mobile apps and client-server applications, which lead to his discovery of Grails and the Groovy ecosystem. Fell in love with TDD because of Spock. Nowadays Kevin is working at Software Engineer at Codecentric and focuses on topics such as software craftsmanship, infrastructure as code and continuous integration pipelines, trying to make the world a better place one container at a time.

Speaker's activity

(Automated) Security Testing in a DevOps world

Talk

English

A successful DevOps culture should value the topic security as a self-evident aspect of a holistic software development life cycle. Just as we’ve learned that topics such as testing, operations or design are best tackled in a cross functional team as a part of an integrated development process, we now must understand, that an over-the-shoulder approach regarding security doesn’t work in times of continuous delivery and continuous deployment. We will be showing how to integrate static analysis, as well as dynamic application security testing into a Java build pipeline, using open source tools like OWASP Dependency Check, OWASP ZAP, FindBugs, Docker, Testcontainers and Gitlab. There will be no silver bullets presented in this talk, but we will find out why we should care about security in our applications and what challenges are still lying ahead of us.