How you as a non-security tester can contribute to a more secure web for all
Security needs to be the responsibility of the whole team
Modern software development with rapid-release cycles calls for a different approach to security. With autonomous teams shipping code to production several times a day, we can no longer depend exclusively on external security audits. Instead, the whole team needs to work with security.
Scanning for vulnerabilities, monitoring production and performing penetration tests are important, but it is not enough.
This presentation will give practical tips for how you as a non-security tester can contribute and ensure that your application is as secure as possible. You will learn how you can utilize domain knowledge to find security flaws and how to identify the areas of your application where the errors are most likely to be found.