DSC Germany | Shift-Left-Security with the Security Test Pyramid

Questions? Join the conversation on Slack (https://snyk.co/DSC-Slack-Invite), channel #devseccon-germany.

The test pyramid by Mike Cohn should be familiar to most developers and is often used in projects practicing test-driven development.

But does your test pyramid also include verification of application security?

In the context of agile development and continuous delivery, it is essential to continuously assess application security. The current pattern of conducting penetration tests just a few days before going live no longer scales. Instead, concrete security requirements must be specified in each sprint and those requirements have to be verified by corresponding (preferably automated) tests. This is the only way to achieve an effective shift-left for security.

In this talk, we will look at the well-known test pyramid from a security perspective and at how to add effective security tests at each level of the pyramid. This way, a large part of the OWASP Top 10 security categories can actually be covered by automated testing. This will be practically illustrated using live demos based on a Spring Boot Java application with automated tests for authentication, authorization, input validation, and SQL injection prevention, among others.

Speaker: Andreas Falk, Managing Consultant and Practice Lead Agile Security at NovaTec Consulting GmbH

Andreas Falk has been working on enterprise application development projects for more than twenty years. Currently, he is working as a managing consultant for Novatec Consulting, located in Germany. He has worked in various projects as an architect, coach, and developer. His focus is on the agile development of cloud-native enterprise Java applications using the complete Spring platform. As a member of the Open Web Application Security Project (OWASP), he likes to have a closer look at all aspects of application security as well. Andreas is also a frequent speaker at conferences.

The event is finished.


Sep 27 - 28 2021


12:00 pm - 1:00 pm

Local Time

  • Timezone: America/New_York
  • Date: Sep 27 - 28 2021
  • Time: 6:00 am - 7:00 am


Virtual Event