The Security Issue That Killed a Financial Product Launch - Nicola Sedgwick
24th October 2019
-
Locked
Nicola Sedgwick
Talk Description
Security issues can be identified using the stock-and-trade critical thinking skills of a tester.
Some time ago I had the pleasure of taking part in a security bug hunt for a new financial product. This was a product ready to go to market, a product that had passed all penetration tests and was now being handed to a crowd of external testers for a final attempt to 'hack' the product.
Against all their confidence I was able to 'hack' that product and use funds to which I should not have had access. However, once I reported the vulnerability, I wasn't believed and I was asked to repeat the 'hack' multiple times until the 'experts' believed I was achieving what I was reporting - they simply couldn't believe that their penetration test result was wrong.
Like many security talks I will tell you all about the tool I used to perform this 'hack'; Unlike many security talks this is not a tool you can install, rent or purchase - because it's my brain, but your brain is capable of doing the same.
Takeaways
- security issues can be identified by all team members not just security experts
- critical thinking and the human brain are amazing tools for finding security issues
- security testing should take place throughout development and not just pre-release
By the end of this session, you'll be able to:
- TBA
Suggested Content
On the 1st & 2nd of October 2025 we're back in Brighton for TestBash: the largest software testing conference in the UK
Explore MoT
Tue, 6 May
The Future of Testing in an Automated World: Embracing Continuous Learning and A
Boost your career in software testing with the MoT Software Testing Essentials Certificate. Learn essential skills, from basic testing techniques to advanced risk analysis, crafted by industry experts. Early access available now at a discounted rate!
A one-day educational experience to help business lead with expanding quality engineering and testing practices.
Debrief the week in Testing via a community radio show hosted by Simon Tomes and members of the community
