Speaker details

Andreas Falk

Novatec Consulting

Andreas Falk has been working on enterprise application development projects for more than twenty years.

Currently, he is working as a managing consultant for Novatec Consulting, located in Germany. In various projects, he has worked as an architect, developer, coach, and trainer. His focus is on the agile development of cloud-native enterprise Java applications using the complete Spring platform. As the lead of agile security at Novatec Consulting and a member of the Open Web Application Security Project (OWASP), he also likes to take a closer look at all aspects of application security.


Andreas is also a frequent speaker at conferences like Devoxx, Spring I/O, CloudFoundry Summit, and OWASP.

Shift-Left-Security with the Security Test Pyramid

The test pyramid by Mike Cohn should be familiar to most developers and is often used in projects within test-driven development.

But does your test pyramid also include verification of application security?

In the context of agile development and continuous delivery, it is essential to continuously assess application security. Therefore, concrete security requirements must be specified in each sprint, so that these can be verified with corresponding tests. This is the only way to achieve an effective shift-left for security.

In this talk, we will look at the test pyramid from a security perspective. In fact, a large part of the OWASP Top 10 security categories can be covered by automated testing. This will be illustrated in practice using live demos based on a Spring Boot Java application with automated tests for authentication, authorization, input validation, and SQL injection prevention, among others.
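As an added illustration (not code from the talk, the speaker, or Novatec), the following JUnit 5 test shows what the authentication, authorization, and input-validation checks mentioned above can look like at the fast, lower layers of the pyramid using Spring Boot's web-slice testing. It assumes a hypothetical OrderController (GET /api/orders for any authenticated user, GET /api/admin/orders for ROLE_ADMIN, POST /api/orders with a bean-validated body whose collaborators are mocked or absent), a SecurityConfig class holding the authorization rules and returning 401 for unauthenticated API calls, and a constructed invalid request body.

```java
// Added example, not from the talk: JUnit 5 + Spring Security Test slice tests.
// Assumed (hypothetical): OrderController with GET /api/orders (any user),
// GET /api/admin/orders (ROLE_ADMIN), POST /api/orders with a bean-validated body,
// and SecurityConfig holding the authorization rules.
import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.csrf;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
import org.junit.jupiter.api.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.autoconfigure.web.servlet.WebMvcTest;
import org.springframework.context.annotation.Import;
import org.springframework.http.MediaType;
import org.springframework.security.test.context.support.WithMockUser;
import org.springframework.test.web.servlet.MockMvc;

@WebMvcTest(controllers = OrderController.class) // web slice only: fast tests at the pyramid base
@Import(SecurityConfig.class)                    // exercise the real authorization rules, not a stub
class OrderSecurityTest {

    @Autowired
    private MockMvc mockMvc;

    @Test // authentication: anonymous callers must be rejected
    void anonymousIsRejected() throws Exception {
        mockMvc.perform(get("/api/orders")).andExpect(status().isUnauthorized());
    }

    @Test // authorization: a plain user must not reach the admin endpoint
    @WithMockUser(roles = "USER")
    void userCannotAccessAdminEndpoint() throws Exception {
        mockMvc.perform(get("/api/admin/orders")).andExpect(status().isForbidden());
    }

    @Test // authorization, positive case: a rule that blocks everything must not pass either
    @WithMockUser(roles = "ADMIN")
    void adminCanAccessAdminEndpoint() throws Exception {
        mockMvc.perform(get("/api/admin/orders")).andExpect(status().isOk());
    }

    @Test // input validation: a malformed body (constructed) is rejected before business logic runs
    @WithMockUser(roles = "USER")
    void invalidOrderIsRejected() throws Exception {
        mockMvc.perform(post("/api/orders").with(csrf()) // state-changing POST needs a CSRF token
                .contentType(MediaType.APPLICATION_JSON)
                .content("{\"quantity\": -1, \"product\": \"\"}"))
            .andExpect(status().isBadRequest());
    }
}
```

Each test pins one security requirement of the sprint as an executable check, so a regression in the authorization rules or the validation annotations fails the build rather than surfacing in a later penetration test.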


AppSec
JUnit 5
Integration Test
Test
Security