Monitoring Attack Surface and Integrating Security into DevOps Pipelines

Explore methods for calculating and tracking how a web application's attack surface evolves in this 27-minute conference talk from AppSec EU 2017. Dive into techniques for integrating security testing into CI/CD pipelines, with a focus on the metrics and thresholds that make such testing workable in DevOps practice. Learn about manual testing, hybrid analysis mapping, and dynamic application security testing. Discover how to run scans from a command-line client, analyze changes over time and between commits, detect newly exposed attack surface, and identify potential vulnerabilities in GitHub repositories. Gain practical insight into prioritizing security testing activities and continuously monitoring your application's attack surface to improve its overall security posture.