But I'm Not A Security Tester! - Kate Paulk

  • Locked
Kate Paulk's profile
Kate Paulk

Systems Quality Analyst

But I'm Not A Security Tester! - Kate Paulk image
Talk Description

"But I'm Not A Security Tester!"… or so I thought until I discovered a portal to Cthulhu's realm deep in the bowels of the application. With one little change, I summoned the Great Old Ones.

A sensible person would have run screaming in terror. I investigated - until I learned how the tentacled horror was summoned. *Then* I ran. And screamed.

How do you face an Elder God you accidentally summoned? People better than me have failed. If we don't understand the horrors in our applications, who knows what we could unleash on an unsuspecting world?

We've all been tempted to delve into forbidden places despite our "just the specs, ma'am" requirements. That doesn't mean we can't do a little dark magi… ahem … security testing.

If you've ever had to retest an application that had to be rewritten because the professional security testers found a major problem in the fundamental design of the software, you understand that designing and testing for security has to be the whole team's responsibility - but where do you, the functional tester start?

If you don't know much (or anything) about security testing, and you're scared to start - or you think it doesn't apply to you - this session is for you. If you're a functional tester or work primarily with automation, and you test applications that store people's names, their addresses, anything financial, or have some kind of government regulations about your software security, this session is for you.

Takeaways

  • You will see a short video demonstrating introductory security testing techniques using Fiddler, a simple, free tool; with explanations and examples (and tentacles).
  • The demonstration and presentation will allow you to become more confident in the security testing realm.
  • Handouts/Links/References will be provided for helpful introductory sites.
  • Basic security terminology will be explained.
  • Basic protocol for functional testers performing security testing will be explained.

 

What you’ll learn

By the end of this talk, you'll be able to:

  • TBA
Kate Paulk's profile'

Kate Paulk

Systems Quality Analyst

I like to refer to myself as a chaos magnet, because if software is going to go wrong, it will go wrong for me. I stumble over edge cases without trying, accidentally summons demonic entities, and am a shameless geek girl of the science fiction and fantasy variety, with a strange sense of humor. Testing for more than 15 years has done nothing to make my sense of humor any less strange. I have a twitter account which I mostly ignore, and a Facebook account which I also ignore. If there's anyone who is worse than me at social media, I haven't met them. The same applies to my very intermittently updated blog (which I've been meaning to get back to for... more than 3 years now)
Suggested Content
Learning to Ask for Testability - Nicola Owen
Tips For The Lone Tester: Challenges With Software
Skyrocket Your Test Coverage With Model-Based Testing Using TestCompass
TestBash Revisited - Threat Modelling: How Software Survives in a Hacker’s Universe - Saskia Coplans
30 Days of Security Testing
Arabic Ask Me Anything - Performance/Security Testing with Mohamed Tarek
Explore MoT
TestBash Brighton 2024
Thu, 12 Sep 2024, 9:00 AM
We’re shaking things up and bringing TestBash back to Brighton on September 12th and 13th, 2024.
Be Wise, Do Pairwise
Be Wise, Do PairWise: A Method To Reduce Test Combinations

Tags

  • security
  • testing-tools