Security Testing for Software Testers

Duration: full day

Wed 9th:

  • $747.50: 10 spaces
  • Free: 10 spaces [ CLOSED ]

Abstract

Testing is a key part of development lifecycles, from checking that your functional requirements actually work to constraining development to keep code focused and concise (TDD). Security testing, however, is often not conducted inside our lifecycles. We often wait until development is completed and ask third-party penetration testing firms to find our issues for us.

Bugs are often missed or are found too late to remediate. The cost of remediation escalates, and our systems become tightly coupled and increasingly fragile as a result.

Why would we want to finish engineering before finding fundamental security issues? Shouldn't we try to find these as early and often as possible? Shouldn't we take every opportunity to identify security flaws in our applications?

SafeStack helps teams weave security testing into their own testing lifecycles and tool chains without compromising agility or innovation.

Agenda

  • Security test cases, stories and what to test
  • Manual security testing key skills (parameter tampering, proxying and other basics)
  • Introduction to security testing frameworks
  • Automated security testing
  • Introduction to vulnerability scanning
  • Automated vulnerability scanning as part of development tool chains

We will assume you are familiar with the basics of web application security vulnerabilities and the OWASP Top 10.

What to bring

Participants must bring their own laptop. Details about required tools etc. will be provided before the course.