Real World Security Testing

Testing for security is an increasingly important and visible part of software delivery. The classic formula for security testing isn’t working, and security analysis tools can’t reliably find certain basic problems. Matt introduces concrete things testing teams can do to contribute to the security of a system and identifies opportunities to include more advanced manual testing of scenarios that are often overlooked. Process improvements that range from articulating security acceptance criteria to checklists are discussed. In some cases, test automation can be used to raise the security of delivered software. In all cases, the villain persona and negative testing scenarios are foundational to effective security testing. In addition to specific actionable security testing strategies, one goal of the talk will be to provide some high-level context for thinking about security testing and how to integrate it into the software development lifecycle effectively. Take the security of your applications to the next level and be more confident.

Learning Objectives:

  • Learn manual testing steps for two classes of security vulnerabilities (XSS and authorization)
  • Identify where and when to use automated tools for security testing
  • Integrate security into the development process

Location: Date: April 21, 2016 Time: 1:30 pm - 3:00 pm Matt Konda