Security in an application is often implemented as an afterthought and is generally focussed only on implementing rules for controlling access. However, when developing an application, or rather a system, there are more things to take into consideration regarding security. To mention a few:
– Possible attack vectors for the application (CSRF attacks or XSS attacks)
– Security vulnerabilities in the platform and frameworks used
– Security vulnerabilities in the container produced by the build
– Certificates, TLS and the ciphers in use
In this session we will look at how we can use the build and continuous integration environment to create a secure development environment and automatically detect security flaws in our system. We will live-code and protect a Spring Boot application, and configure and prepare our build and CI/CD environment to check for security vulnerabilities.