Published Jul 7, 2021

Episode 467: Kim Carter on Dynamic Application Security Testing

Kim Carter delves into the integration of dynamic application security testing within the software development lifecycle, focusing on the OWASP Purple Team project's role in improving code quality and defect detection. By emphasizing adaptable security tools, Carter highlights how these practices enable continuous security advancements and robust application protection.
Episode Highlights

  • Tool Integration

    Integrating security tools into the software development lifecycle is crucial for ensuring comprehensive assessments. Carter explains how the OWASP Purple Team project facilitates this integration by offering a language-agnostic CLI that can be embedded into any build pipeline. This flexibility allows developers to customize their security testing environment, adapting it to various project needs. Carter notes, "We haven't come across any build pipelines that we couldn't install it into," highlighting the tool's adaptability.

  • Code Quality

    Security practices and tools like DAST play a vital role in enhancing code quality by reducing defects. Carter shares insights on how repeated exposure to similar defects encourages developers to adopt better practices, such as introducing new libraries or techniques to prevent recurring issues. This proactive approach not only improves the software architecture but also aligns with principles of test-driven development. "It's about creating loosely coupled components that can change easily," Carter emphasizes, underscoring the importance of adaptable design.
