Practical Dynamic Application Security Testing within an Enterprise

Explore practical approaches to dynamic application security testing within enterprise environments in this AppSecUSA 2017 conference talk. Learn how to integrate security into DevOps processes through strategic planning and implementation of a common pipeline for Continuous Integration (CI) and Continuous Deployment (CD). Discover two complementary methods for scalable and comprehensive application security: deploying dynamic scanners within CI/CD pipelines and leveraging data from analytic tools. Gain insights into using containerized RESTful API services for rapid security analysis of multiple applications. Understand how these solutions can transform application assessment practices, enabling efficient scanning of thousands of URLs and incorporating dynamic analysis into all build cycles. Benefit from the speakers' experience in implementing these approaches at Verizon, enhancing the security posture of a large enterprise.

Intro
About Me
Overview AST
Assessments never stop...
AST Detailed
Scanner and CLI
OST Overview
Cast a wide net
Why OST?
How to OST
OST Detailed
Sample bulk-scan response
Sample bulk-scan data flow
Sample bulk-scan results
Filling the Gap
Conclusion