The Security Issue That Killed a Financial Product Launch - Nicola Sedgwick
24th October 2019
-
Locked
Nicola Sedgwick
Talk Description
Security issues can be identified using the stock-and-trade critical thinking skills of a tester.
Â
Some time ago I had the pleasure of taking part in a security bug hunt for a new financial product. This was a product ready to go to market, a product that had passed all penetration tests and was now being handed to a crowd of external testers for a final attempt to 'hack' the product.
Â
Â
Against all their confidence I was able to 'hack' that product and use funds to which I should not have had access. However, once I reported the vulnerability, I wasn't believed and I was asked to repeat the 'hack' multiple times until the 'experts' believed I was achieving what I was reporting - they simply couldn't believe that their penetration test result was wrong.
Â
Â
Like many security talks I will tell you all about the tool I used to perform this 'hack'; Unlike many security talks this is not a tool you can install, rent or purchase - because it's my brain, but your brain is capable of doing the same.
Â
Â
Takeaways
- security issues can be identified by all team members not just security experts
- critical thinking and the human brain are amazing tools for finding security issues
- security testing should take place throughout development and not just pre-release
By the end of this session, you'll be able to:
- TBA
Suggested Content
Enhance test coverage, and streamline automation. Take a tour!
Explore MoT
Boost your career in software testing with the MoT Software Testing Essentials Certificate. Learn essential skills, from basic testing techniques to advanced risk analysis, crafted by industry experts.
A one-day educational experience to help business lead with expanding quality engineering and testing practices.
Debrief the week in Testing via a community radio show hosted by Simon Tomes and members of the community
