Put your robots to work: security automation at Twitter presented at AppSecUSA 2012

by Neil Matatall, Justin Collins, Alex Smolen,

Summary : With daily code releases and a growing infrastructure, manually reviewing code changes and protecting against security regressions quickly becomes impractical. Even when using security tools, whether commercial or open source, the difficult work of integrating them into the development and security cycles remains. We need to use an automated approach to push these tools as close to when the code is written as possible, allowing us to prevent potential vulnerabilities before they are shipped. We worked with development, operations, and release teams to create a targeted suite of tools focused on specific security concerns that are effective and dont introduce any noise. This presentation will give an overview of what weve done over the past year, what we have learned along the way, and will provide advice for anyone else going down this road.