Carlo Bonamico, Gabriele Guasco
The "Security Sandwich" approach (up-front design plus an end-of-project Vulnerability Assessment) is ineffective: it exposes most vulnerabilities only just before production, when there is no time or budget left for major refactoring or changes. Recently, Continuous Integration and Continuous Delivery have achieved their huge positive impact by spreading testing and quality across the entire software lifecycle. We share our experience in applying the same approach to security, and demonstrate how open-source tools such as OWASP ZAP, while not covering all risks, help us to continuously care about and test for security issues.
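The "spread security through the pipeline" idea above only works if a scan result can actually break a build. The following is an added example, not code from the talk or from the ZAP project: a small CI gate that reads a ZAP JSON report, fails the pipeline on findings at or above a chosen risk level, and lets a team keep risk-accepted plugin ids out of the blocking set without hiding them. The report shape (`site[].alerts[]` with `pluginid`, `alert`, `riskcode`, `count`) is assumed from ZAP's JSON report format, and the sample alerts and the `staging.example.test` site are constructed for this example; the exit-code convention (0 clean, 1 failing, 2 reported only) is a choice made here.

```python
import json
import sys

# Constructed sample of a ZAP JSON report, trimmed to the fields this gate uses.
# The shape (site[].alerts[] with pluginid / alert / riskcode / count) is assumed
# from ZAP's JSON report format; the alerts and the site are made up for this example.
SAMPLE_REPORT = json.dumps({
    "@version": "2.14.0",
    "site": [{
        "@name": "https://staging.example.test",
        "alerts": [
            {"pluginid": "40012", "alert": "Cross Site Scripting (Reflected)", "riskcode": "3", "count": "2"},
            {"pluginid": "10038", "alert": "Content Security Policy (CSP) Header Not Set", "riskcode": "2", "count": "7"},
            {"pluginid": "10021", "alert": "X-Content-Type-Options Header Missing", "riskcode": "1", "count": "7"},
            {"pluginid": "10027", "alert": "Information Disclosure - Suspicious Comments", "riskcode": "0", "count": "3"},
        ],
    }],
})

# ZAP riskcode values as they appear in the report.
RISK_NAMES = {0: "Informational", 1: "Low", 2: "Medium", 3: "High"}


def load_alerts(report_json):
    """Flatten a ZAP JSON report into one dict per alert, across all sites."""
    data = json.loads(report_json)
    alerts = []
    for site in data.get("site", []):
        for a in site.get("alerts", []):
            alerts.append({
                "site": site.get("@name", ""),
                "pluginid": str(a["pluginid"]),
                "alert": a["alert"],
                "risk": int(a["riskcode"]),
                "count": int(a.get("count", 0)),
            })
    return alerts


def gate(alerts, fail_at=2, ignore=()):
    """Split alerts into those that break the build and those that are only reported.

    fail_at: minimum riskcode that fails the build (2 = Medium and above).
    ignore:  plugin ids accepted as known / risk-accepted findings; they are still
             reported so they stay visible, but never fail the build.
    """
    ignored = set(ignore)
    failing = [a for a in alerts if a["risk"] >= fail_at and a["pluginid"] not in ignored]
    reported = [a for a in alerts if a not in failing]
    return failing, reported


def exit_code(failing, reported):
    """CI exit status: 0 clean, 1 blocking findings, 2 only non-blocking findings."""
    if failing:
        return 1
    return 2 if reported else 0


def summarize(alerts):
    """One line per alert, highest risk first, for the build log."""
    return [
        f'{RISK_NAMES[a["risk"]]:<13} {a["pluginid"]:>6}  {a["alert"]} ({a["count"]} instances)'
        for a in sorted(alerts, key=lambda a: -a["risk"])
    ]


def main(argv):
    """Usage: zap_gate.py [report.json] [--fail-at N] [--ignore id,id,...]"""
    path, fail_at, ignore = None, 2, ()
    args = list(argv)
    while args:
        arg = args.pop(0)
        if arg == "--fail-at":
            fail_at = int(args.pop(0))
        elif arg == "--ignore":
            ignore = tuple(args.pop(0).split(","))
        else:
            path = arg
    # Without a path, gate the constructed sample so the script runs offline.
    report = open(path).read() if path else SAMPLE_REPORT
    failing, reported = gate(load_alerts(report), fail_at, ignore)
    for line in summarize(failing):
        print("FAIL", line)
    for line in summarize(reported):
        print("WARN", line)
    return exit_code(failing, reported)


if __name__ == "__main__":
    sys.exit(main(sys.argv[1:]))
```

In a pipeline this runs right after the scan step has written the JSON report (ZAP's baseline script can emit one with its `-J` option), so a High or Medium finding stops the merge the same day the code was written rather than the week before release; the `--ignore` list is the place to record accepted findings, and because they are still printed they cannot silently accumulate.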
My passion for information security began in the world of networking with the configuration of my first VPN; then my interests shifted to the world of system administration, always with a focus on security. I have been involved in the design of highly reliable SCADA systems for public utilities and, at the same time, to test the security of the systems that we put in the field, I approached the world of penetration testing. In recent years I have continued the activities of vulnerability assessment and penetration testing, devoting more and more time to distributed and web application security.