But I'm Not A Security Tester! - Kate Paulk

Kate Paulk

Systems Quality Analyst

Talk Description

"But I'm Not A Security Tester!"… or so I thought until I discovered a portal to Cthulhu's realm deep in the bowels of the application. With one little change, I summoned the Great Old Ones.

A sensible person would have run screaming in terror. I investigated - until I learned how the tentacled horror was summoned. *Then* I ran. And screamed.

How do you face an Elder God you accidentally summoned? People better than me have failed. If we don't understand the horrors in our applications, who knows what we could unleash on an unsuspecting world?

We've all been tempted to delve into forbidden places despite our "just the specs, ma'am" requirements. That doesn't mean we can't do a little dark magi… ahem … security testing.

If you've ever had to retest an application that had to be rewritten because the professional security testers found a major problem in the fundamental design of the software, you understand that designing and testing for security has to be the whole team's responsibility - but where do you, the functional tester, start?

If you don't know much (or anything) about security testing, and you're scared to start - or you think it doesn't apply to you - this session is for you. If you're a functional tester or work primarily with automation, and you test applications that store people's names, their addresses, anything financial, or have some kind of government regulations about your software security, this session is for you.

Takeaways

  • You will see a short video demonstrating introductory security testing techniques using Fiddler, a simple, free tool, with explanations and examples (and tentacles).
  • The demonstration and presentation will allow you to become more confident in the security testing realm.
  • Handouts/Links/References will be provided for helpful introductory sites.
  • Basic security terminology will be explained.
  • Basic protocol for functional testers performing security testing will be explained.

 


Kate Paulk


I like to refer to myself as a chaos magnet, because if software is going to go wrong, it will go wrong for me. I stumble over edge cases without trying, accidentally summon demonic entities, and am a shameless geek girl of the science fiction and fantasy variety, with a strange sense of humor. Testing for more than 15 years has done nothing to make my sense of humor any less strange. I have a Twitter account which I mostly ignore, and a Facebook account which I also ignore. If there's anyone who is worse than me at social media, I haven't met them. The same applies to my very intermittently updated blog (which I've been meaning to get back to for... more than 3 years now).

Tags

  • security
  • testing-tools