Tuesday, January 24 • 2:30pm - 3:20pm
Monitoring Application Attack Surface to Integrate Security into DevOps Pipelines


A web application’s attack surface is the combination of URLs it will respond to as well as the
inputs to those URLs that can change the behavior of the application. Understanding an
application’s attack surface is critical to being able to provide sufficient security test coverage,
and by watching an application’s attack surface change over time, security and development
teams can help target and optimize testing activities. This presentation looks at methods of
calculating web application attack surface and tracking the evolution of attack surface over
time. In addition, it looks at metrics and thresholds that can be used to craft policies for
integrating different testing activities into Continuous Integration / Continuous Delivery (CI/CD)
pipelines for teams integrating security into their DevOps practices.

Speakers

Dan Cornell

Chief Technology Officer and a Principal, Denim Group, Ltd.
A globally recognized application security expert, Dan Cornell holds over 15 years of experience architecting, developing and securing web-based software systems. As the Chief Technology Officer and a Principal at Denim Group, Ltd., he leads the technology team to help Fortune 500...



Tuesday January 24, 2017 2:30pm - 3:20pm PST
Garden Terrace Room