Security for non-security testers

25-minute Talk

Security needs to be the responsibility of the whole team

Virtual Pass session


10:45 a.m. – 11:30 a.m. Wednesday 23rd


Room F2 - Track 2: Talks




  • All users are not equal
  • What you see is not enough - inspect the API
  • Hidden features, hidden security pitfalls
  • Be aware of external systems
  • Know when to bring in the experts

How you as a non-security tester can contribute to a more secure web for all

Modern software development with rapid-release cycles calls for a different approach to security. With autonomous teams shipping code to production several times a day, we can no longer depend exclusively on external security audits. Instead, the whole team needs to work with security. Scanning for vulnerabilities, monitoring production and performing penetration tests are important, but it is not enough. This presentation will give practical tips for how you as a non-security tester can contribute and ensure that your application is as secure as possible. You will learn how you can utilize domain knowledge to find security flaws and how to identify the areas of your application where the errors are most likely to be found.

Related Sessions

Virtual Pass session
10:45 a.m. – 11:30 a.m.
Room F1 - Track 1: Talks

25-minute New Voice Talk

4:00 p.m. – 4:45 p.m.
Room E1 - Track 4: Vendor Talks

25-minute New Voice Talk

Virtual Pass session
2:45 p.m. – 3:30 p.m.
Room F3 - Track 3: Talks

25-minute Talk

10:45 a.m. – 12:30 p.m.
Room D5+D6 - Track 6: Accessibility Deep Dive

105-minute Workshop