Loading…
This event has ended. Create your own event → Check it out
This event has ended. Create your own
View analytic
Monday, May 18 • 5:30pm - 6:10pm
OpenStack Security CI/CD Way

Sign up or log in to save this to your schedule and see who's attending!

 

As OpenStack becomes popular, Continuous Integration and Continuous Deployment (CI/CD) of OpenStack is gaining attention. Customers need the ability to deploy multiple times every day to meet their business needs. This is a huge challenge to application security.   Traditional web application security testing and API security testing are manual processes aided by various tools. The tests are time consuming and lack consistence. It is almost impossible to embed these types of security testing into CI/CD process. 

 

In Rackspace, security engineering team is working with quality engineers and developers to integrate security testing into CI/CD process. Security engineering team uses the same framework/tool that quality engineer use to ease integration. Currently we are focusing on API security testing automation and web application security testing. We are working on a couple of approaches to integrate security-testing cases with QE testing framework. The security test cases cover necessary security checks including common security vulnerability checks and some product specific checks. These security test cases can be run by anyone from the team. They can also be invoked as Jenkins jobs as part of integration test. The failed security test cases indicate some types of security defects and need to be remediated. 

 

The security testing automation improves the consistency, repeatability and auditability of our security testing process. Security testing within CI/CD process can detect security defect in early stage and reduce remediation costs.  

Speakers
avatar for Jim Freeman

Jim Freeman

Director, Quality and Security Engineering, Rackspace Hosting
Jim is a Director of Quality and Security Engineering at Rackspace. Jim has successfully built a team of specialized security engineers that is part of the development, quality, and delivery process at Rackspace. Jim felt that the best way to interconnect and ensure security testing was done correctly was to move security testing away from Corporate Security and move it into the quality organization. This new paradigm has melded the developer... Read More →


Monday May 18, 2015 5:30pm - 6:10pm
Room 211

Attendees (231)