What? Why? Who? How? Of Application Security Testing
Declan O'Riordan
TestingIT
A penetration testing expert is better at pen-testing than me, but should I simply delegate application security to specialists and network firewalls? Actually no, I shouldn’t and neither should anyone else involved in the systems development lifecycle.
For years I treated security testing as something akin to black magic beyond my comprehension and penetration testers as technical wizards who could cast out evil hacking spells. Obviously that was daft, but it took some effort to see what was really happening behind the smoke and mirrors of application security, and to de-mystify it for my colleagues.
Follow the journey that led Declan O’Riordan to believe that every well-formed tester can and must have a basic understanding of what application security is, why it is important, who should be doing it, and how.
After this presentation you can stop describing security as ‘Out of Scope’ from your test plans.
About Me!
Declan O’Riordan is a tremendous profes… actually you know it’s me writing this don’t you? I haven’t written any books and don’t have anything to sell, I’m not special at all. I’m just a system test manager, and I’ve learned how to include application security testing in my daily work. If I can test application security, then you can too.
This is the only subject in my 33-year IT career that I’ve ever felt is so important I have to get up on stage and make more people aware. When I started speaking about application security I found the audiences really enjoyed the story and returned to work galvanised into action. I’m confident the EuroSTAR audience will feel the same. This is useful stuff.