Scratching the Surface of Your CD - Continuous Delivery and Application Security Challenges

Explore the challenges of application security testing in Continuous Delivery (CD) environments through this insightful conference talk from AppSecUSA 2018. Dive into the complexities of implementing security measures in fast-paced development cycles that can produce hundreds or thousands of software updates daily. Learn about innovative approaches to streamline security testing, including background testing, integration with A/B testing cycles, and modern approval processes that align with CD workflows. Discover how to adapt your application security testing methodology to keep pace with your organization's development velocity, moving beyond traditional go/no-go approaches. Gain valuable insights on topics such as CI/CD pipelines, testing tracks, fast tracks, testing tools, risk assessment, and the concept of hard gates versus soft gates in security testing. Whether you're a security professional or a developer working in a high-speed environment, this talk offers practical strategies to enhance your security testing practices in the era of Continuous Delivery.

Introduction
Continuous Delivery
CICB Pipeline
Testing Tracks
Fast Tracks
Testing Tools
Second Track
Risk
Black and White
What are gates
Hard gates vs soft gates
Hard gates only
Be testing
QA