What? Why? Who? And How? Of Application Security Testing
Passive testing resulted in several of my internet-facing projects receiving little regard to security other than the traditional access control matrix. Upon deciding to take a more assertive approach to security testing, I found flaws in our testing, development, design and requirements capture processes and began to challenge the situation. I found allies in the security team who admitted they could only cope with filtering out some attacks at the network perimeter. If attacks got inside the perimeter, the battle was probably lost. The realization that application security was substantially different to transport layer security led to a firm belief…
I had never spoken in public before 2014, yet set myself the goals of being accepted as a speaker for EuroSTAR, winning the prize for best conference paper, and having my talk voted the ‘do-over session’ that attendees would most like to have repeated. All these goals were achieved, and have led to my joining the 2015 EuroSTAR programme committee. My long journey to these attainments is described in the eBook ‘What? Why? Who? And How? Of Application Security’.