Dr. John DiLeo leads the Software Assurance advisory practice within Datacom New Zealand’s Application Security (AppSec) Services team, providing support and guidance to clients in launching, managing, and maturing their enterprise software assurance programs. As part of their services, John and his team present training covering various AppSec domains, including secure coding, security testing, and threat modelling.
Before moving to application security, John was active as a Java enterprise architect and Web application developer. In an earlier life, John developed discrete-event simulations of large distributed systems in a variety of languages, including the Java-based language (FreeSML) he developed as part of his doctoral research.
John is the Auckland-area leader of the OWASP New Zealand Chapter, is a co-author of the OWASP Software Assurance Maturity Model (SAMM) 2.0, and is active on the OWASP Education and Training Committee and Application Security Curriculum Project.
Software security testing is a key component of any organisation’s software assurance programme. This class covers recommended security testing practices to verify and validate an application’s security features:
- Verify – How do we confirm our application’s security features were built right?
- Validate – How do we confirm we built the right security features?
Topics covered during this interactive session will include:
- security testing strategy;
- developing security test cases;
- automated and manual testing approaches;
- automated security testing (AST) tools; and
- integrating AST tooling into DevSecOps pipelines.