Room
Room F2 - Track 2: Talks
Audience
Tester
Key-Learning
- All users are not equal
- What you see is not enough - inspect the API
- Hidden features, hidden security pitfalls
- Be aware of external systems
- Know when to bring in the experts
How you as a non-security tester can contribute to a more secure web for all
Modern software development with rapid-release cycles calls for a different approach to security. With autonomous teams shipping code to production several times a day, we can no longer depend exclusively on external security audits. Instead, the whole team needs to work with security.
Scanning for vulnerabilities, monitoring production and performing penetration tests are important, but it is not enough.
This presentation will give practical tips for how you as a non-security tester can contribute and ensure that your application is as secure as possible. You will learn how you can utilize domain knowledge to find security flaws and how to identify the areas of your application where the errors are most likely to be found.