Let’s Write Security Unit Tests! with Eric Johnson

2,365 listens
Show Notes

▬▬▬▬▬▬ ABSTRACT & BIO 📝 ▬▬▬▬▬▬

Fast-moving DevOps teams are making hundreds, or even thousands, of changes per day, and traditional approaches to security are struggling to keep up. Most static and dynamic scanners take too long to complete and the results are invalidated after the next commit. How can security teams build stronger security checks into their pipelines and obtain fast feedback without slowing down engineering teams?

Here's the good news: DevOps teams are already using unit testing frameworks and continuous integration (CI) tools to automate testing. And even better news: security teams can get their hands dirty, write some code, and add custom security-focused unit tests to the pipeline.

In this talk, we will explore how security unit testing fits into DevOps, a few unit testing frameworks, and several examples that can help security teams harden their applications. Live demonstrations will show how to write security unit tests, execute the tests in a GitHub Actions workflow, and evaluate the test results.

ERIC JOHNSON

Eric is co-founder and Principal Security Engineer at Puma Security focusing on cloud security, static code analysis, and DevSecOps automation. His experience includes performing cloud security reviews, infrastructure as code automation, application security automation, web and mobile application penetration testing, secure development lifecycle consulting, and secure code review assessments. Eric is also a Senior Instructor with the SANS Institute where he authors information security courses on cloud security, DevSecOps automation, and secure coding. He delivers security training globally for SANS, as well as presents security research at conferences including RSA, BlackHat, OWASP, BSides, DevOpsDays, fwd:cloudsec, and ISSA.

https://twitter.com/emjohn20
https://www.linkedin.com/in/eric-m-johnson

▬▬▬▬▬▬ LINKS🔗 ▬▬▬▬▬▬

https://www.slideshare.net/pumasecurity/devsecops-lets-write-security-unit-tests

▬▬▬▬▬▬ Producer 🎥 ▬▬▬▬▬▬

Nancy Gariché

▬▬▬▬▬▬ Hosts 🎙️ ▬▬▬▬▬▬

Nikki Becher ► https://twitter.com/thedeadrobots
Nancy Gariché ► https://www.linkedin.com/in/nancygariche
Shinesa Cambric ► https://www.linkedin.com/in/shinesa-cambric-cissp-ccsp-cisa%C2%AE-0480685/

▬▬▬▬▬▬ Connect with Us 👋 ▬▬▬▬▬▬

YOUTUBE ► https://www.youtube.com/c/OWASPDevSlop/
DEV ► https://dev.to/devslop
INSTAGRAM ► https://www.instagram.com/owaspdevslop/
TWITTER ► https://twitter.com/Owasp_DevSlop
LINKEDIN ► https://www.linkedin.com/company/owasp-devslop