The Security Issue That Killed a Financial Product Launch - Nicola Sedgwick
24 Oct 2019
-
Locked
Security issues can be identified using the stock-and-trade critical thinking skills of a tester.
Â
Some time ago I had the pleasure of taking part in a security bug hunt for a new financial product. This was a product ready to go to market, a product that had passed all penetration tests and was now being handed to a crowd of external testers for a final attempt to 'hack' the product.
Â
Â
Against all their confidence I was able to 'hack' that product and use funds to which I should not have had access. However, once I reported the vulnerability, I wasn't believed and I was asked to repeat the 'hack' multiple times until the 'experts' believed I was achieving what I was reporting - they simply couldn't believe that their penetration test result was wrong.
Â
Â
Like many security talks I will tell you all about the tool I used to perform this 'hack'; Unlike many security talks this is not a tool you can install, rent or purchase - because it's my brain, but your brain is capable of doing the same.
Â
Â
Takeaways
- security issues can be identified by all team members not just security experts
- critical thinking and the human brain are amazing tools for finding security issues
- security testing should take place throughout development and not just pre-release
Manage your entire QA lifecycle in one place. Sync Jira, automate scripts, and use AI to accelerate your testing.
Explore MoT
Thu, 1 Oct
A tech conference to help you navigate the ever-shifting landscape of Quality Engineering, AI, Leadership, Product, Accessibility and Security.
Boost your career in software testing with the MoT Software Testing Essentials Certificate. Learn essential skills, from basic testing techniques to advanced risk analysis, crafted by industry experts.
Debrief the week in Quality via a community radio show hosted by Simon Tomes and members of the community
Comments