Carlo Bonamico, Gabriele Guasco


The "Security Sandwich" approach (up-front design + end-of-project Vulnerability Assessment) ineffectively exposes most vulnerabilities just before Production, when there is no more time/budget for massive refactoring or changes. Recently, Continuous Integration & Delivery achieved their huge positive impact by spreading Testing and Quality through the entire sw lifecycle. We share our experience in applying this approach to Security, & demonstrate how Open Source tools such as OWASP ZAP, while not covering all risks, effectively help us to continuously caring and testing for Security issues.

Language: Italian

Level: Intermediate

Carlo Bonamico

Solution Architect - NIS s.r.l.

Carlo’s passion for Software began with a C128, then grew with Linux, Java/JavaScript, web & enterprise apps, and now cloud & security. After a PhD and research experience at the University of Genova and the CNIT National TLC Research Consortium, and an exciting time at startup Eptamedia, he’s now a Solution Architect and Senior Trainer at NIS s.r.l.. His personal communication style as an architect and trainer, both technically precise and able to present in an engaging way complex topics to an heterogeneous audience has been appreciated online and at many events from Devoxx to Codemotion.

Go to speaker's detail

Gabriele Guasco

Security Consultant - NIS srl

My passion for information security began in the world of networking with the configuration of my first VPN, then my interests have shifted to the world system administration, always with a focus on security. I have been involved in the design of highly-reliable SCADA systems for public utilites and at the same time, to test the security of the systems that we put in the field , I approached the world of penetration testing . In recent years I have continued the activities of vulnerability assessment and penetration testing devoting more and more time to distributed&web application security