All of us understand and accept the need for adequate security testing of our applications. The question we will delve into here is: “Is it possible to automate security testing as part of an application’s continuous integration cycle? If so, what are the benefits of doing so?”
In an agile environment, it is common to have a continuous integration (CI) process in place to merge developer code into a common repository. Each code merge is then verified by an automated build process to detect code integration issues. CI makes the development process faster and drastically cuts down the time to market. But this rush does not bode well for security testing: it can leave vulnerabilities in the code undetected.