This course teaches learners how to utilize interactive application security testing (IAST) to enhance DevSecOps practices. The learning outcomes include understanding how IAST works, unlocking the benefits of DevSecOps, detecting vulnerabilities in real time, and merging security testing into normal QA activities. The course covers skills such as runtime vulnerability snapshots, library analysis, route coverage, and deploying IAST at scale. The teaching method involves a presentation by an industry expert sharing real-world data and examples. The intended audience includes developers, security professionals, and anyone interested in improving application security within a DevOps environment.
Using IAST to Unlock the Benefits of DevSecOps
Overview
Syllabus
Intro
Public expectations don't match reality
DevSecOps will fix everything
Instrumentation changes everything
Example: Detecting SQL injection
IAST
Runtime vulnerability snapshots
Runtime library analysis
Runtime route coverage
Runtime architecture diagrams
Deploying IAST at scale
DevSecOps - Getting secure code moving
Metrics that matter
Outro
Taught by
GOTO Conferences
