A large variety of very powerful penetration testing tools is available. These tools should be used as much as possible, as they are proven in the field, widely used and recommended. Some frameworks build on many of these tools by adapting them for security test automation. Tools such as dependency checkers and static analysis tools can also be customized and included in the continuous security testing process.
The aim here is to integrate the finding of security issues against a standard (for example OWASP ASVS) into the continuous delivery process, and to report them accordingly in the software vulnerability management system and/or issue tracking system. By implementing continuous security testing within your continuous delivery process, you ensure that at least some of the most common security flaws can be avoided.