Security software developer with a focus on Java development and one of the project leads for the OWASP WebGoat project.
As developers we write a lot of unit and/or functional test cases, so why do we forget to include specific security tests? With a small effort you can easily get rid of the low-hanging security findings which are always present in a pentest report. Wouldn’t it be great if you could show a pentester a complete report of all the test cases you already performed, so the pentester can focus on the really complicated security issues within your application?
In this presentation I will show some frameworks which can help you automate security testing in your application.