Continuous Delivery (CD) introduces a new set of challenges for application security testing, even compared with already fast Continuous Integration (CI) and DevOps methodologies. CD development organization can produce hundreds or even thousands of software updates per day, some of them taking no longer than a few hours from beginning to end. This puts pressure even on the best fast AppSec testing methodologies, such as fast incremental testing, restricted testing, etc.
True continuous testing calls for true, inline, continuous security testing, which does not rely on any dedicated testing slots. In this talk we will talk about some of these concepts - how to streamline security testing in the background, how to fit it into modern A/B testing cycles, and how to build an approval process that fits a modern CD workflow, rather than an old security go/no-go approach.
Join this talk if you would like to turn your application security testing methodology into one that can fit whatever development velocity your organization wants to go at!
