LASCON 2015

This is not a talk about integrating ZAP with Jenkins ;). Security has fallen behind the automation used by the rest of the software industry, and I’ll show you how we can catch up. There are plenty of automated tools used in our profession. For mission critical applications, none of them provide the coverage we need to sleep easy. Manual testing can also be extremely time consuming. This talk will show you how to turn any manual assessment into an automated script. I’ll demonstrate how to solve the more difficult aspects of security automation like XSS validation by utilizing browser hooks. Finally, I’ll cover how to build robust automated security tests that are ready to be plugged into a continuous delivery system.