Cybersecurity is an increasingly important topic. Should customers’ private data be exposed, our source code be stolen, or our services be taken offline, it can result in significant financial and reputational damage. Because of this, teams must implement strong security measures to protect these critical assets.
One important way to help safeguard systems is through security testing. This involves experimenting with, exploring, and validating the system to identify vulnerabilities that could lead to data exposure or service disruption. Essentially, it’s about finding weaknesses before attackers do.
We can utilise tools in our security testing to detect potential vulnerabilities and attempt to exploit them to understand their impact. Even without being a security expert, we can find low-hanging fruit such as weak server-side validation or improper authorisation.
In this 404 Talk, Richard Adams walks you through three of his favourite tools for security testing and how they could help you, too.
Resources
Here are links to the tools shown:
- Browser developer tools (built into Chrome, Firefox, Edge, Safari)
- Zed Attack Proxy (ZAP)
- Security testing cheat sheets
Try them out and see how they might fit into your security testing approach.
Comments