WHAT? WHY? WHO? AND HOW? OF APPLICATION SECURITY TESTING
Declan O’Riordan, Testing IT, UK (winner of the ‘Best Paper’ 2014)
A penetration testing expert is better at pen-testing than me, but should I simply delegate application security to specialists and network firewalls? Actually no, I shouldn’t and neither should anyone else involved in the systems development lifecycle.
For years I treated security testing as something akin to black magic beyond my comprehension and penetration testers as technical wizards who could cast out evil hacking spells. Obviously that was daft, but it took some effort to see what was really happening behind the smoke and mirrors of application security, and to de-mystify it for my colleagues.
Follow the journey that led me to believe every well-formed tester can and must have a basic understanding of what application security is, why it is important, who should be doing it, and how.
After this presentation you can stop describing security as ‘Out of Scope’ from your test plans.
TRYING TO TEACH TESTING SKILLS AND JUDGMENT
Rikard Edgren, LearningWell West, Sweden – winner of the ‘Best Tutorial’ 2014
Since 2011, I have spent 1500 hours actively teaching software testing to higher vocational students in Sweden. These are education programmes spanning 1 to 2 years, aimed at providing the professionals that the industry needs. My colleague Henrik Emilsson and I set out to enable the students to master the activity of testing, letting students capture both explicit knowledge like testing techniques and tacit skills and judgments like these:
- Asking the right questions
- Understanding what is important
- Seeing many perspectives and test ideas
- Selecting effective test strategies
- Capturing serendipity
- Understanding which bugs are important
- Realizing when testing is good enough
In this presentation I share our teaching philosophy and practice, including examples of real-world stories and typical exercises we let the students perform. I explain why discussions among students are important, and how I as a teacher give feedback to drive the learning in good directions.
- hear how a teacher of testing thinks
- see examples of challenging testing exercises
- get a better understanding of skills and judgement in testing
PASSIONATE DATING FOR TESTERS (AND VICE VERSA)
René Tuinhout, Piqto, Netherlands – One of the highest scoring Track Sessions at EuroSTAR 2014
In this fun webinar, René shows which test techniques are subconsciously used successfully when people date, and he shows why you, successful male and female testers, have it in you to be highly successful daters: because of your capable use of testing techniques.
Amongst other techniques:
– Equivalence partitioning
– (Black box) boundary value analysis
– Decision tables
– State transition testing and
– Process test
are covered in this humorous webinar and shown to be successful dating techniques. Furthermore, René shares his experiences on the subject, uncovering failures and successes.