<< Go Back

Zen And The Art Of Security Testing

Paco Hope

Cigital

Some security experts would tell you that security testing is very different from functional or non-functional software testing. They are wrong. Having worked on both sides, Paco gives 3 specific recommendations for how testers can make significant contributions to the security of their software and applications by making small changes to the way they do their software testing. The first technique has to do with selecting points in the user journey that are ripe for security testing. The second is to leverage some common free tools that enable security tests. The final technique is adjusting old school boundary value testing and equivalence class partitioning to incorporate security tests. The result is a lot of security testing done and issues fixed long before any security specialists arrive.

Key Takeaways:

  • Great places in the user journey to inject security tests
  • Ways to augment existing test approaches to cover security concerns
  • Typical security tools that are free, cheap, and easy for software testers

 

 

About Me!

Author of two security books and frequent conference speaker, Paco Hope is a Principal Consultant with Cigital Ltd and has been working in the field of software security for nearly 15 years. Paco helps clients in the financial, retail, and online gaming industries build secure software by performing source code review and architectural risk analysis. He is also a member of an advisory council with (ISC)² and serves as a subject matter expert for the CISSP and CSSLP security certifications.

Twitter – @pacohope

See more

Webinar

Application Security Flaws in the Internet of Things

Ken Munro

eBook

Spring Security – Cloud Automation

Mick Knutson, Robert Winch & Peter Mularien

eBook

Cloud Security Automation

Prashant Priyam

Webinar

Application Security Testing – Where Did It All Go Wrong?

Declan O'Riordan

Similar Categories

Webinar Non-Functional Testing