But I'm Not A Security Tester! - Kate Paulk

13th January 2023
Kate Paulk

Systems Quality Analyst

Talk Description

"But I'm Not A Security Tester!"… or so I thought until I discovered a portal to Cthulhu's realm deep in the bowels of the application. With one little change, I summoned the Great Old Ones.

A sensible person would have run screaming in terror. I investigated - until I learned how the tentacled horror was summoned. *Then* I ran. And screamed.

How do you face an Elder God you accidentally summoned? People better than me have failed. If we don't understand the horrors in our applications, who knows what we could unleash on an unsuspecting world?

We've all been tempted to delve into forbidden places despite our "just the specs, ma'am" requirements. That doesn't mean we can't do a little dark magi… ahem … security testing.

If you've ever had to retest an application that had to be rewritten because the professional security testers found a major problem in the fundamental design of the software, you understand that designing and testing for security has to be the whole team's responsibility - but where do you, the functional tester, start?

If you don't know much (or anything) about security testing, and you're scared to start - or you think it doesn't apply to you - this session is for you. If you're a functional tester or work primarily with automation, and you test applications that store people's names, their addresses, anything financial, or have some kind of government regulations about your software security, this session is for you.

Takeaways

  • You will see a short video demonstrating introductory security testing techniques using Fiddler, a simple, free tool, with explanations and examples (and tentacles).
  • The demonstration and presentation will allow you to become more confident in the security testing realm.
  • Handouts/Links/References will be provided for helpful introductory sites.
  • Basic security terminology will be explained.
  • Basic protocol for functional testers performing security testing will be explained.

 


Kate Paulk

Systems Quality Analyst

I like to refer to myself as a chaos magnet, because if software is going to go wrong, it will go wrong for me. I stumble over edge cases without trying, accidentally summon demonic entities, and am a shameless geek girl of the science fiction and fantasy variety, with a strange sense of humor. Testing for more than 15 years has done nothing to make my sense of humor any less strange. I have a Twitter account which I mostly ignore, and a Facebook account which I also ignore. If there's anyone who is worse than me at social media, I haven't met them. The same applies to my very intermittently updated blog (which I've been meaning to get back to for... more than 3 years now).

Tags

  • security
  • testing-tools