Exploring Security in Day-to-day Testing

10th October 2023
Richard Adams

Senior Quality Engineer

Talk Description
Security testing sounds like it might be best left to the “experts”, whoever they are, but I will share how we can include it in our day-to-day testing. From exploratory testing to API and automated testing, there are things that we can and should be doing.

Through my talk, I will share how my time spent on training courses and taking part in challenges has shown me that security testing is perfect for the exploratory tester. We will learn some basic techniques using just our browsers and also how free tools can help us along the way.
What you’ll learn

By the end of this talk, you'll be able to:

  • Describe what XSS, SQL injection and elevation of privilege attacks are
  • Recognise that security testing is something that they can & should be doing
  • Identify the "low hanging fruit" security bugs in their software
  • Execute penetration tests against an online system (workshop/activity only)

After my first full-time job as a games tester, I've had a varied career from Gameplay Systems Designer to Software Engineer for security systems, with a couple of roles in between. I've since returned to testing as I have a huge passion for testing and just love finding bugs! As well as being a Senior Test Engineer, I am also a Cyber Champion within my organisation. This means that I help drive good security practices, and in particular I love getting the team involved in threat modelling. I also get free training on all things security! Outside of work I love gaming and, carrying on my interest in threat modelling, I have also created a card game called Threat Agents.

Tags

  • security
  • exploratory-testing
  • pen-testing