Security test automation in software development using open source tools
Writing secure software is better than plugging holes. A high level of automation is essential for building security into your software development lifecycle. David Tillemans, application security expert at Smals (www.smals.be), will talk about some standard security checks and demonstrate the essential testing tools. FindBugs and PMD are well-known open source tools offering great security-oriented features. ZAProxy, a web application security scanner developed by OWASP (Open Web Application Security Project), is great for testing the web frontend for security issues. It can be integrated into your test-driven development lifecycle. The session will demonstrate the integration of ZAProxy into Maven using a plugin and how to perform automatic web security scans based on your Selenium tests.