[Owasp-vancouver] Managing an Application Security Testing and Vulnerability Management Program in a CI/CD Environment on Thursday, March 29

Jeevan Singh me at jeevan.ca
Wed Mar 28 17:33:38 UTC 2018

 Thank you to everyone who came out to our first chapter meeting in
January! We had a great turnout and a fantastic discussion during the Q&A

On Thursday March 29th we will see you all at our *sold out* event where
Karim Lalji will present his topic "Managing an Application Security
Testing and Vulnerability Management Program in a CI/CD Environment
*A big thanks to Mozilla for hosting us again at their offices.*

*Meetup details*
Modern software environments have adopted new methodologies to developing
products including continuous integration and continuous delivery, more
commonly referred to CI/CD. Application security testing and vulnerability
management is an important aspect in software environments; unfortunately
this practice is often lacking in both effectiveness and requisite
knowledge when dealt with from an applications perspective as opposed to
traditional IT infrastructures. The challenges are further extended in
CI/CD environments where critical code is merging into production at
regular intervals without proper security coverage.

This talk will aim to provide individuals with a working understanding of
application security testing (AST) as well as vulnerability management in a
modern software enterprise employing DevOps practices, and more
specifically a CI/CD pipeline. The talk will discuss security testing at
different stages of the S-SDLC from source code analysis to penetration
testing and how to effectively manage vulnerabilities. The discussion is
applicable to anyone with an interest in security or software in general
but is of particular relevance to managers and architects interested in
building an effective application security program.

*Speaker bio*
Karim has a background in application security particularly in the
banking/finance industries and currently works in a senior offensive
security consulting role conducting penetration testing and
threat/vulnerability assessments for a variety of clients. Karim was a
software engineer in his past life and securing applications has been a
strong focus for a good portion of his career.

*Important links*
Here are some important links so that you can keep track of all upcoming
(and past) OWASP meetings:

   - Official OWASP Vancouver chapter website - link
   - Subscribe to our Eventbrite calendar (rss feed) - link

Looking forward to seeing you all tomorrow!

Do you have any questions or concerns? Feel free to reach out to us! We are
also looking for future OWASP speakers and venues, let us know if you can
help out.

More information about the Owasp-vancouver mailing list