Put yourself in the appsec pipe
Creating secure software is more than running a penetration test or a code review just before the deploy, and having some automation can help you achieve a process with a low error rate. In this talk we will go through the pipeline-building process, explaining how to automate some boring tasks so that we can dedicate ourselves to having fun, playing tricks like pros. At the end of our journey both tech people and security managers will have the feeling that, using the pipeline approach, they can lower vulnerabilities with an affordable time to market, so as to make the bosses happy.
After some time spent doing penetration tests, Paolo is now focused on security code reviews, secure software design and working on patches to handle the exposures found. He loves writing web applications using Ruby and the Sinatra framework, applying TDD and BDD with secure bonding principles. Paolo has thus become an application security specialist, helping developers write secure code by breaking into it. He wrote Dawnscanner (https://dawnscanner.org), a static analysis tool for applications written in Ruby, and he blogs at https://codiceinsicuro.it and https://armoredcode.com.