How to Verify for Security Early and Often
In many organizations, testing for security follows a “scan-then-fix” approach. The security team runs a scanning tool or conducts a pen test, triages the results, and then presents the development team with a long list of vulnerabilities to be fixed right away. This is often referred to as “the hamster wheel of pain”. There is a better way.
As part of this presentation we will explore how to inject security verification in every step of the software development . …