2. SECURITY TESTS as part of CONTINUOUS INTEGRATION
Nir Koren, DevOps Tech Lead, SAP Labs Israel
3. WHOAMI / WHOAREWE
DevOps Tech Lead, SAP Labs Israel
https://il.linkedin.com/in/nirkoren
https://www.facebook.com/koren.nir
@KorenNir
@nir_koren
Team: SAP HANA Cloud Portal solution
4. FIXING A BUG COSTS
Chart: cost of fixing a bug by stage (Coding, Unit Test, QA Testing, Field Test, Post release), rising from $25 at the coding stage through $1,000 to $16,000 after release.
Source: Applied Software Measurement, Capers Jones, 1996
14. IBM AppScan implementation
Create a new scan
Add your application URL: live system URL and login details
Configure policy and details: predefined scan policy and scan configuration
15. HP Fortify implementation
Create a new scan (on local server)
Upload the FPR (to F360 server)
Scan and audit (on F360 server)
Generate reports: PDF and XML
16. Checkmarx implementation
Connect to my project (on my local server)
Create a scan (on Cx Central server)
Checkmarx Jenkins plugin: bi-directional link between my local server and the Cx Central server
Scan and upload (on my local server)
Scan and report (on Cx Central server)
Generate reports: PDF and XML
19. The status contains links and info (internally developed)
Link to the PDF report
Relevant info from the scan
Status by our definition
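As an added example (not from the talk and not SAP's internally developed tool), a small Python routine that turns a scan report into the kind of status slide 19 describes: the link to the PDF report, the relevant counts from the scan, and a pass/fail verdict by a team-defined policy rather than the vendor's default. The report layout, hostname, thresholds and findings are all constructed for this example and do not follow any specific scanner's XML format.

```python
import xml.etree.ElementTree as ET
from dataclasses import dataclass

# Constructed sample report: the layout is invented for this example and is not
# the XML schema of any specific scanner.
SAMPLE_REPORT = """<scan project="cloud-portal" id="4711" pdf="https://scanner.example.invalid/reports/4711.pdf">
  <finding id="1" severity="High"   status="New"       query="SQL Injection"/>
  <finding id="2" severity="Medium" status="Recurrent" query="Reflected XSS"/>
  <finding id="3" severity="Low"    status="Recurrent" query="Information Exposure"/>
  <finding id="4" severity="Medium" status="New"       query="Open Redirect"/>
</scan>
"""

# "Status by our definition": a team-owned policy (constructed thresholds).
POLICY = {"High": 0, "Medium": 2, "Low": 10}  # max allowed findings per severity
FAIL_ON_NEW = ("High", "Medium")             # any *new* finding at these levels fails the build


@dataclass
class BuildStatus:
    status: str            # "PASS" or "FAIL"
    pdf_link: str          # link to the full PDF report
    counts: dict           # findings per severity (relevant info from the scan)
    new_findings: list     # queries that appeared since the previous scan
    reasons: list          # why the status is FAIL, empty on PASS


def evaluate(report_xml: str, policy=POLICY, fail_on_new=FAIL_ON_NEW) -> BuildStatus:
    root = ET.fromstring(report_xml)
    counts = {sev: 0 for sev in policy}
    new_findings, reasons = [], []
    for f in root.iter("finding"):
        sev = f.get("severity")
        counts[sev] = counts.get(sev, 0) + 1
        if f.get("status") == "New":
            new_findings.append(f.get("query"))
            if sev in fail_on_new:
                reasons.append(f"new {sev} finding: {f.get('query')}")
    # Absolute limits apply even to recurring findings nobody has fixed yet.
    for sev, limit in policy.items():
        if counts.get(sev, 0) > limit:
            reasons.append(f"{counts[sev]} {sev} findings exceed limit {limit}")
    status = "FAIL" if reasons else "PASS"
    return BuildStatus(status, root.get("pdf"), counts, new_findings, reasons)


if __name__ == "__main__":
    s = evaluate(SAMPLE_REPORT)
    print(s.status, s.pdf_link, s.counts, *s.reasons, sep="\n")
```

A CI job would publish the returned object (status, PDF link, counts, reasons) to the build page so both teams see the same verdict.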
20. Everyone knows the status. Always.
Both product and implementation teams are updated
New issues fixed immediately
We never set time aside for security fixes
Security awareness in our group