The Bittersweetness of Security Testing - Anne Oikarinen

Anne Oikarinen

Senior Security Consultant

Talk Description

Security testing, also known as white hat hacking, is a special art of testing. In this talk I will share my experiences of being a white hat hacker and how it differs from being a software tester in a development team.

Whereas a software tester is usually involved in the development process, a security tester may see the piece of software for the first time when the audit is about to begin. The information you get beforehand varies from an exhausting documentation overload to complete zero. Sometimes there's even hostility involved: the expectation is that the less you tell, the fewer security bugs will be found.

Another example is requirements. Testing usually involves a set of requirements to compare against. Security testing, on the other hand, may have no original requirements at all (security is an afterthought). There are frameworks to refer to, but you might have to make up your own requirements case by case. Sometimes very weird customer expectations and fears from the developers become a sort of additional requirement.

As for similarities, in any testing activity your best reward is the feeling of having filed a critical bug and then verifying the fix. Although I must confess there's this special something when you get that first alert(XSS) popup.

Key takeaways from this talk:

  • What kind of security-related testing you can do with your software without being a pentester or having any information security background.
  • What to take into account and how to succeed when hiring external security consultants to do security audits or penetration testing.
  • What you can achieve with automation in security testing.

 


Anne Oikarinen is a Senior Security Consultant who works with security and software development teams to help them design and develop secure software. Anne believes that cyber security is an essential part of software quality.

After working for several years in a security software development team in various duties such as testing, test management, training, network design and product owner tasks, Anne focused her career fully on cyber security. In her current job at Nixu Corporation, Anne divides her time between hacking and threat analysis, although as a network geek, she will also ensure that your network architecture is secure. Anne also has experience in incident response and security awareness after working in the National Cyber Security Centre of Finland.

Anne holds a Master of Science (Technology) degree in Communication Networks and Protocols from Tampere University of Technology, Finland.


Tags

  • security
  • automation
  • recruitment