Security for non-security testers

25-minute Talk

Security needs to be the responsibility of the whole team

Virtual Pass session

Timetable

10:45 a.m. – 11:30 a.m. Wednesday 23rd

Room

Room F2 - Track 2: Talks

Audience

Tester

Key-Learnings

  • All users are not equal
  • What you see is not enough - inspect the API
  • Hidden features, hidden security pitfalls
  • Be aware of external systems
  • Know when to bring in the experts

How you as a non-security tester can contribute to a more secure web for all

Modern software development with rapid-release cycles calls for a different approach to security. With autonomous teams shipping code to production several times a day, we can no longer depend exclusively on external security audits. Instead, the whole team needs to work with security. Scanning for vulnerabilities, monitoring production and performing penetration tests are important, but it is not enough. This presentation will give practical tips for how you as a non-security tester can contribute and ensure that your application is as secure as possible. You will learn how you can utilize domain knowledge to find security flaws and how to identify the areas of your application where the errors are most likely to be found.

Related Sessions

Mon, Nov 21 • 9:00 a.m. – 5:00 p.m.
F-,E- & D-Rooms

Full-Day Tutorial (6 hours)

Thu, Nov 24 • 10:45 a.m. – 12:30 p.m.
Room D5+D6 - Track 6: Accessibility Deep Dive

105-minute Workshop

Thu, Nov 24 • 4:00 p.m. – 4:45 p.m.
Room E1 - Track 4: Vendor Talks

25-minute New Voice Talk

Virtual Pass session
Tue, Nov 22 • 11:45 a.m. – 12:30 p.m.
Room F1 - Track 1: Talks

25-minute Talk