Security flaws make the news every day, yet many test processes do not include security requirements. QA has the opportunity to improve the security posture of the organization. In this talk, find out how to shift security left using threat modelling, collaboration with Application Security, and risk-based security testing, and hear the story of how a tester learned to leave the paved road, build a framework for further exploration, and find bugs far from the happy path!
Sylvia Killinen is a QA tester turned application security engineer. With eight years of focus on security, she has turned toward collaboration across silos as a solution to many problems in software development. Sylvia has worked on several security projects including secure credit card processing. She has introduced threat modelling practices to a variety of software development methodologies like SDLC, Scrum, and Kanban.