The Bittersweetness of Security Testing - Anne Oikarinen

Anne Oikarinen

Senior Security Consultant

Talk Description

Security testing, also known as white hat hacking, is a special art of testing. In this talk I will share my experiences of being a white hat hacker and how it differs from being a software tester in a development team.

Whereas a software tester is usually involved in the development process, a security tester may see the piece of software for the first time when the audit is about to begin. The information you get beforehand varies from an exhausting documentation overload to complete zero. Sometimes there's even hostility involved - the expectation is that the less you tell, the fewer security bugs will be found.

Another example is requirements. Testing usually involves a set of requirements to compare to. Security testing, on the other hand, may have no original requirements at all (security is an afterthought). There are frameworks to refer to, but you might have to make up your own requirements case by case. Sometimes very weird customer expectations and fears from the developers are sort of additional requirements.

As for similarities, in any testing activity your best reward is the feeling of having filed a critical bug and then verifying the fix. Although I must confess there's this special something when you get that first alert(XSS) popup.

Key takeaways from this talk:

  • What kind of security-related testing you can do with your software without being a pentester or without having any information security background.
  • What to take into account and how to succeed when hiring external security consultants to do security audits or penetration testing.
  • What you can achieve with automation in security testing.

 

Anne Oikarinen is a Senior Security Consultant who works with security and software development teams to help them design and develop secure software. Anne believes that cyber security is an essential part of software quality.

After working several years in a security software development team in various duties such as testing, test management, training, network design and product owner tasks, Anne focused her career fully on cyber security. In her current job at Nixu Corporation, Anne divides her time between hacking and threat analysis - although as a network geek, she will also ensure that your network architecture is secure. Anne also has experience in incident response and security awareness after working in the National Cyber Security Centre of Finland.

Anne holds a Master of Science (Technology) degree in Communication Networks and Protocols from Tampere University of Technology, Finland.


Tags

  • security
  • automation
  • recruitment