Friday September 27, 2024 3:30pm - 4:15pm PDT
Application security requires a systematic and holistic approach, yet organizations typically struggle to create an effective application security (AppSec) program. They often end up in the rabbit hole of fixing the vulnerabilities their security tools generate. We believe that using ASVS as a security requirements framework, and as a guide to unit and integration testing, is among the highest-value security practices. By turning security requirements into "just requirements", organizations can establish a common language shared by all stakeholders involved in the SDLC.

In this talk, we present the case for ASVS-driven development. First, we analyzed the completed ASVS to determine how much of it could be transformed into security test cases. Our analysis indicates that 162 ASVS requirements (58%) can be automatically verified using unit, integration, and acceptance tests. Second, we designed an empirical study in which we added 98 ASVS requirements to the sprint planning of a relatively large web application. We implemented unit and integration tests for 90 ASVS requirements in 10 man-days; those tests are now part of the security regression test suites.

Our study demonstrates that deriving security test cases from ASVS can create a common theme across all stages of the software development lifecycle, making security everyone's responsibility.
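The abstract describes turning ASVS requirements into unit tests that live in the regression suite. The following added example (not code from the talk or from Codific) shows what that looks like for one small cluster of requirements: the password-length rules of ASVS 4.0 chapter V2.1, whose IDs and thresholds (12 / 64 / 128 characters, spaces combined, no truncation) are quoted here from memory and should be checked against the ASVS version your project pins. The application-side `validate_password` policy is hypothetical; each test function is tagged with the requirement it verifies, so the suite doubles as an ASVS coverage report.

```python
import re

# Thresholds as recalled from ASVS 4.0 V2.1.1-V2.1.3 (assumption; verify against your ASVS version).
MIN_LENGTH = 12           # V2.1.1: at least 12 characters after multiple spaces are combined
MUST_ACCEPT_LENGTH = 64   # V2.1.2: passwords of at least 64 characters must be permitted
MAX_LENGTH = 128          # V2.1.2: passwords of more than 128 characters are denied


def normalize_password(raw: str) -> str:
    """Collapse runs of spaces into one space; never truncate (V2.1.3)."""
    return re.sub(r" {2,}", " ", raw)


def validate_password(raw: str) -> tuple[bool, str]:
    """Hypothetical application policy check; returns (accepted, reason)."""
    password = normalize_password(raw)
    if len(password) < MIN_LENGTH:
        return False, "V2.1.1: fewer than 12 characters after space normalization"
    if len(password) > MAX_LENGTH:
        return False, "V2.1.2: more than 128 characters"
    return True, "accepted"


# --- Security regression tests, one per ASVS requirement -------------------

def check_v2_1_1_minimum_length() -> bool:
    rejected_short = not validate_password("a" * 11)[0]
    accepted_min = validate_password("a" * 12)[0]
    # Raw length 16, but only 7 characters once the run of spaces collapses: must be rejected.
    rejected_padded = not validate_password("a" * 5 + " " * 10 + "b")[0]
    return rejected_short and accepted_min and rejected_padded


def check_v2_1_2_long_passwords() -> bool:
    accepted_64 = validate_password("x" * MUST_ACCEPT_LENGTH)[0]
    accepted_128 = validate_password("x" * MAX_LENGTH)[0]
    rejected_129 = not validate_password("x" * (MAX_LENGTH + 1))[0]
    return accepted_64 and accepted_128 and rejected_129


def check_v2_1_3_no_truncation() -> bool:
    # A long password keeps its full length, and passwords differing only near the end stay distinct.
    base = "p" * 72
    length_kept = len(normalize_password("q" * 100)) == 100
    tail_distinct = normalize_password(base + "abc") != normalize_password(base + "xyz")
    spaces_collapsed = normalize_password("correct  horse") == "correct horse"
    return length_kept and tail_distinct and spaces_collapsed


# Requirement ID -> test, so the suite itself reports which ASVS items are covered.
ASVS_REGRESSION_SUITE = {
    "V2.1.1": check_v2_1_1_minimum_length,
    "V2.1.2": check_v2_1_2_long_passwords,
    "V2.1.3": check_v2_1_3_no_truncation,
}


def run_asvs_regression() -> dict[str, bool]:
    """Run every ASVS-tagged test and return {requirement_id: passed}."""
    return {req_id: test() for req_id, test in ASVS_REGRESSION_SUITE.items()}


if __name__ == "__main__":
    for req_id, passed in run_asvs_regression().items():
        print(f"{req_id}: {'PASS' if passed else 'FAIL'}")
```

Keying the suite by requirement ID is the point of the approach the abstract describes: a failing test names the ASVS item it protects, and the dictionary can be diffed against the full requirement list to show which items still lack automated verification.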
Speakers
Aram Hovsepyan
Founder and CEO, Codific
Aram is the founder and CEO of Codific, a Flemish cybersecurity product firm. With over 15 years of experience, he has a proven track record in building complex software systems with an explicit focus on software security. Codific's flagship product, Videolab, is a secure multimedia...
Room: Seacliff AB