But I'm Not A Security Tester! - Kate Paulk

  • Locked
Kate Paulk's profile
Kate Paulk

Systems Quality Analyst

But I'm Not A Security Tester! - Kate Paulk image
Talk Description

"But I'm Not A Security Tester!"… or so I thought until I discovered a portal to Cthulhu's realm deep in the bowels of the application. With one little change, I summoned the Great Old Ones.

A sensible person would have run screaming in terror. I investigated - until I learned how the tentacled horror was summoned. *Then* I ran. And screamed.

How do you face an Elder God you accidentally summoned? People better than me have failed. If we don't understand the horrors in our applications, who knows what we could unleash on an unsuspecting world?

We've all been tempted to delve into forbidden places despite our "just the specs, ma'am" requirements. That doesn't mean we can't do a little dark magi… ahem … security testing.

If you've ever had to retest an application that had to be rewritten because the professional security testers found a major problem in the fundamental design of the software, you understand that designing and testing for security has to be the whole team's responsibility - but where do you, the functional tester start?

If you don't know much (or anything) about security testing, and you're scared to start - or you think it doesn't apply to you - this session is for you. If you're a functional tester or work primarily with automation, and you test applications that store people's names, their addresses, anything financial, or have some kind of government regulations about your software security, this session is for you.

Takeaways

  • You will see a short video demonstrating introductory security testing techniques using Fiddler, a simple, free tool; with explanations and examples (and tentacles).
  • The demonstration and presentation will allow you to become more confident in the security testing realm.
  • Handouts/Links/References will be provided for helpful introductory sites.
  • Basic security terminology will be explained.
  • Basic protocol for functional testers performing security testing will be explained.

 

What you’ll learn

By the end of this talk, you'll be able to:

  • TBA
Kate Paulk's profile'

Kate Paulk

Systems Quality Analyst

I like to refer to myself as a chaos magnet, because if software is going to go wrong, it will go wrong for me. I stumble over edge cases without trying, accidentally summons demonic entities, and am a shameless geek girl of the science fiction and fantasy variety, with a strange sense of humor. Testing for more than 15 years has done nothing to make my sense of humor any less strange. I have a twitter account which I mostly ignore, and a Facebook account which I also ignore. If there's anyone who is worse than me at social media, I haven't met them. The same applies to my very intermittently updated blog (which I've been meaning to get back to for... more than 3 years now)
Suggested Content
Are You Ready To Take The Test.Bash(); 2022 Challenges?
Feature Spotlight: JQL
Kill the Mutants! - Nico Jansen & Simon de Lang
First Steps in Security - Threat Modeling
Testing or Hacking? Real Advice on Effective Security Testing Strategies – Dan Billing
The Bittersweetness of Security Testing - Anne Oikarinen
Explore MoT
TestBash Brighton 2024
Thu, 12 Sep 2024, 9:00 AM
We’re shaking things up and bringing TestBash back to Brighton on September 12th and 13th, 2024.
Web Application Security Testing 101 - Dan Billing
Get started with security testing web application

Tags

  • security
  • testing-tools