No Size Fits All: Empowering Engineers with Custom Application Security Tests

Explore a 42-minute conference talk from NDC Security in Oslo that delves into empowering engineers with custom application security tests. Learn how to create tailored security solutions that address specific business logic vulnerabilities, verify custom security mechanisms, and detect complex generic vulnerabilities that standard tools might miss. Discover the benefits of using simple rule syntax provided by open-source tools like Semgrep and Nuclei to craft precise, efficient security tests. Gain insights into integrating these custom scans into CI/CD processes for continuous verification and regression testing. Through practical demonstrations and hands-on examples, understand how this customized approach puts control back into the hands of security experts and software engineers, enabling more effective and efficient application security practices.

No Size Fits All: Empowering Engineers with Custom Application Security tests - Michal Kamensky