Security Feb 22, 2018

*AST In CI/CD – how to make it WORK!

Speaker: Ofer Maor, Director, Enterprise Solutions, Synopsys

SAST, IAST, DAST, MAST, *AST – There are plenty of technologies and ways to test your software, but how do we do that without slowing ourselves down in a rapid development environment? In this talk we will give practical advice on how to integrate software security testing into your CI/CD and your development process so it works. The talk will review the pros and cons of each of the testing technologies and how to adapt them to rapid development. It will also cover how to manage the balance between risk and speed to build a proper signoff process, so that real threats become blockers while other issues are handled in a parallel, slower cycle, without slowing down the main delivery.

BIOGRAPHY

A leading security expert and entrepreneur with over 20 years of experience in information and application security and a track record of security companies. I’ve been involved in application security from its early days, through research, penetration testing, consulting, product and strategy.

As Founder and CTO of Seeker, now acquired by Synopsys, I’ve pioneered IAST, the next generation of application security testing technology, currently used by some of the largest organizations in the world to continuously improve their software security. Prior to Seeker I was the Founder and CTO of Hacktics, a world-leading security services group, later acquired by Ernst & Young. I was previously the leader of Imperva’s Application Defense Center research group and have also served as the Chairman of OWASP Israel and in the OWASP Global Membership Committee.