Home / resources / non-functional-testing / zen-and-the-art-of-security-testing

Zen And The Art Of Security Testing

Reading Time: 1 minute

Some security experts would tell you that security testing is very different from functional or non-functional software testing. They are wrong. Having worked on both sides, Paco gives 3 specific recommendations for how testers can make significant contributions to the security of their software and applications by making small changes to the way they do their software testing. The first technique has to do with selecting points in the user journey that are ripe for security testing. The second is to leverage some common free tools that enable security tests. The final technique is adjusting old school boundary value testing and equivalence class partitioning to incorporate security tests. The result is a lot of security testing done and issues fixed long before any security specialists arrive.

Key Takeaways:

Great places in the user journey to inject security tests
Ways to augment existing test approaches to cover security concerns
Typical security tools that are free, cheap, and easy for software testers

Paco Hope (Cigital, UK)

Author of two security books and frequent conference speaker, Paco Hope is a Principal Consultant with Cigital Ltd and has been working in the field of software security for nearly 15 years. Paco helps clients in the financial, retail, and online gaming industries build secure software by performing source code review and architectural risk analysis. He is also a member of an advisory council with (ISC)² and serves as a subject matter expert for the CISSP and CSSLP security certifications.

Twitter – @pacohope

Leave a Reply Cancel reply

You must be logged in to post a comment.

News from our blog
- Agile Testing vs. Waterfall Testing
  
  Summary When it comes to testing any software project, there is a dilemma of choosing the approach that fits the task best. Agile and Waterfall are two diverse testing strategies that are currently most popular. Learn how to tell between …
  
  25/03/2019
- A Little Microsoft Programming History
  
  In the beginning, there were only two numbers available to program, a 0 and a 1. When one imagines the power of the early programmer who used only these to write out elaborate programs, we can’t just imagine what they …
  
  19/03/2019
- Does Automation Testing Help in Speeding Up your Processes?
  
  Every software developer out there must be familiar with the term “software testing”, and its numerous aspects. But have you wondered why there is a need for automated scripts rather the conventional manual testing approach? Well, just in case you …
  
  14/03/2019
- 10 software Testing Tools to Watch out in 2019
  
  Testing is a critical part of the software development life cycle be it for the startups or enterprise level companies. Rapid development at a complex level demands thorough testing of the end product. As technology is evolving, the type of …
  
  12/03/2019
- Automation Testing – Open Source tools for Mobile Apps
  
  Test automation is not a new topic, however, mobile automation has become a trend relatively recently. And the demand for service is constantly growing. It is caused by the fact that handheld mobile applications become more functional, taking on the …
  
  06/03/2019
- Emerging Trend Analysis – What is Digital Performance Management?
  
  The last few decades have seen increasing amounts of digital transformation in various organizations. This transformation is slated to grow at the compound annual growth rate of 16.7% and reach $1.97 trillion by the year 2022 according to a report …
  
  05/03/2019
- When will robots replace teachers?
  
  When manufacturers introduced robots, everyone was curious as to when machines could replace workers, including educators. In a nutshell, robots are machines designed to respond to environmental stimuli in a humanlike manner. This technology is now widely used to help …
  
  04/03/2019
- Thoughts Behind Cloud Testing Approach
  
  Cloud testing refers to the software testing phenomenon dedicated to check the cloud computing based services. Resources such as the hardware, software are tested with reference to the raised demand. The term is even known to be as cloud based …
  
  01/03/2019
- 5 Key Benefits of Using Meteor.js for Mobile App Development Projects
  
  Meteor or MeteorJS is one of the widely used open source JavaScript frameworks preferred by startups for their website or mobile apps. Written in the Node.js it is one of the most popular frameworks for developing cross-platform mobile apps on …
  
  01/03/2019
- Software Testing Trends: What’s New in 2019?
  
  In the current times, the software development industry has been changing very rapidly. Similarly, we can find the rapid developments in the software testing firms which helps to bring future advancements by coming up with new trends to allows quality …
  
  28/02/2019
- Overview of C# Object Oriented Programming
  
  Welcome to the all new exciting young world of C#. Why do we say it is young? Simply because it’s still in the process of evolving and quite unexplored, underutilized, its full potential still obscure to many users in the programming community. C# (pronounced as …
  
  27/02/2019
- 4 Epic Ways to Test A Mobile Application
  
  In the internet era, the mobile application testing is binary and weird at the same time as we all know there is no mid-ground; either you lose or win as there’s no going back. There has been increasing use of …
  
  26/02/2019
- 7 App Development Trends to Watch in 2019 and Beyond
  
  Smartphones are a huge part of our everyday lives. Your phone is now your music player, your clock, your messaging platform, and the way through which you connect to the world. It can also be your source of employment, your …
  
  22/02/2019
- 5 free tools for successfully running a team seamlessly
  
  It can be hard work to finally create a team that balances the right skills and knowledge. Once you’re in that situation, you might feel that the battle is won. However, one of the next big tasks is to ensure …
  
  21/02/2019
- 10 Tips to Become a Better Java Developer in 2019
  
  As a Java programmer and a blogger, I receive many emails regarding how to boost themselves in Java programming. So through this article, I collected some of the best tips for Java programmers to enhance themselves, upgrade their knowledge of …
  
  20/02/2019
- Automation Testing – Open Source tools for Mobile Apps
  
  Article Structure: Summary Mobile App Automation Testing (definition) Selecting the right tool Best Open-Source Mobile Testing Frameworks: Appium Calabash Selendroid Robotium Ranorex Espresso EarlGray Conclusion Test automation is not a new topic, however, mobile automation has become a trend …
  
  19/02/2019
- 2 for 1 Tickets to EuroSTAR Conference
  
  EuroSTAR Conference 2 for 1 tickets go on sale February 19th at 09:00hrs BST. With this offer you get two full 4-day EuroSTAR conference tickets with evening networking events for the price of one – Saving a massive €2,395 To get this offer you must: …
  
  18/02/2019
- 4 Benefits of Implementing SAP Software
  
  How efficient is your internal business communication? Can you be sure your company is receiving as much profit as it possibly can? An average business has numerous departments, which need to communicate with each other in order to ensure smooth operation. …
  
  17/02/2019
- To Be or Not To Be: Top 6 Certifications for QA Testing Professionals
  
  Professional software testers are very important for app development. Developers need their help to detect any bugs, to improve performance, and to solve any issues with the interface. Testers are responsible for a variety of tests, including functional tests, stress …
  
  14/02/2019
- Digital Mesh Testing, a Thought
  
  For the last few months, I was going through artifacts looking at the future testing scope for new technologies. Being a tester, my primary focus is always on the testing. While we all know that automation is on the top …
  
  13/02/2019
- Unconventional Wisdom V15: Test Effectiveness
  
  Participants in my testing seminars routinely rate their organizations very low on measuring and rewarding effective testing. Rewarding usually is thought the deal breaker. However, further inquiry continually confirms my analysis that the main reason test effectiveness is not rewarded …
  
  13/02/2019
- Defining Ideal QA Process – A journey of Mounting a CLIFF
  
  HP online study of IT experts speaking to little, medium and substantial endeavors (2017) reports that in PC programming improvement Agile practices essentially exceed cascade approach: 91% versus 9%. Be that as it may, what does it bring …
  
  12/02/2019
- 4 Popular Enterprise Software Trends You Need To Know About in 2019
  
  Summary: Enterprise software trends change quickly and you need to be proactive just to stay in touch with state of the art solutions in this field. There are tons of innovations to keep an eye on, but it seems like …
  
  05/02/2019
- 8 Key Points of Agile Testing Marketing Management
  
  You may have heard of this recently, and it’s essentially a new form of marketing using agile software in order to apply it to marketing. it’s gaining traction because, in many ways, modern marketing actually does parallel key parts of …
  
  04/02/2019
- The DevOps Questioneer
  
  “He who does not ask is a poor fellow” my father always told me. A few weeks ago our DevOps coach attended a Retrospective with our team. He also emphasized the importance of asking questions because making assumptions is a …
  
  31/01/2019
- Top 10 Excel Functions That You Should Know to Test Your Software Easier
  
  Microsoft Excel is one of the most popular spreadsheets with millions of users all over the globe. It features calculation, graphing tools, pivot tables, and formulas that make it useful for professionals in a wide range of fields, from accounting …
  
  25/01/2019
- The Chatbot Apocalypse: Is it so Bad as You Think?
  
  Over the last couple of years, chatbots have gone from being gimmicky conversation pieces to useful tools that can help companies to provide round the clock customer service. At the same time, as consumers have started to see an improvement …
  
  24/01/2019
- 3 Ways to Build A Mobile Application Without Tech Skills
  
  Mobile technologies are turning into the major force practically in every aspect of our daily lives. We use mobile devices to track the latest news, book hotels, buy tickets and keep in touch with friends and relatives despite the location. …
  
  23/01/2019
- Mastering the Art of Software Performance Testing
  
  Performance testing requires more attention than it actually gets. Majority of the testers focus on the component and feature functionality, even when authenticating performance on app architects designed leveraging APIs. Performance testers do not begin testing unless the app’s features …
  
  21/01/2019
- 4 Online Talks: Register Now!
  
  LISTEN, LEARN, ENGAGE REGISTER NOW!! We are really excited to announce our new series with UKSTAR. We are running a series of online talks over 1 day where we will be joined by the best in the software …
  
  18/01/2019
- The Importance of a Project Manager’s Professional Development
  
  In the field of project management, there are various opportunities that exist in this field. You will notice that in any organisation projects usually comes and go, but the project manager keeps on working for new opportunities. But sometimes, project …
  
  17/01/2019
- eBook: Bloated Automation!
  
  This year, time to invest in yourself and your test automation… For many software-producing organizations, test automation is—or is quickly becoming—a cornerstone of their software development processes. Development teams are increasingly relying on automated checks to ensure that software that …
  
  16/01/2019
- How to optimize the Testing Process and Reduce Development Costs
  
  Testing is an important part of the development process, as it helps developers to fix potential issues that might cause poor user experience or functional difficulties. In order to market a product with success, and avoid loss of revenue, one …
  
  14/01/2019
- 5 Ways Big Data and CRM Collaboration Benefits Businesses
  
  Big Data; a driving force for large organisations, when leveraged by a CRM can result in massive returns. The immense data churned out on a daily basis is a valuable asset that can be used to modulate Business processes. Big …
  
  10/01/2019
- 8 Views on How to Test Software
  
  In order to market a certain software product successfully, you need to make sure that all the product features are working correctly. Quality assurance is possible only through the software testing process, as it’s the only way to know that …
  
  09/01/2019
- How To Make App Store Optimization More Effective?
  
  Whenever the term ASO comes, there are two categories of people, one who admit that they have no clue about it, and the others explain to you that ASO is similar to SEO for App stores. The latter is not …
  
  07/01/2019
- Pros and Cons of Agile Testing
  
  Ever wondered what is an Agile Methodology and Agile testing? How does it help a project? In lucid terms, an Agile Methodology is a process which emphasizes enhancing the development life cycle of a particular project. In comparison to the …
  
  02/01/2019
- 6 Steps to Eradicate Mistakes Using Mobile Test Automation Strategy
  
  Mobile testing is a very critical area for businesses. Therefore, teams are working to make it effective by incorporating automation strategies. There is an extensive range of automation tools available in the market. So, there are many chances of going …
  
  14/12/2018
- Dynamics 365 marketing encompasses everything that the millennials need!
  
  Microsoft Dynamics 365 is known to be a front-runner when it comes to topnotch, and latest CRM solutions for a business. However, the best part about this tool is that it is not only restricted to customer support or …
  
  12/12/2018
- Web Design Usability Tips for Online Forms
  
  Generating a healthy number of hits on your website is a great start on the path to success – however, in order to extract full value from your growing audience, your website will need to include an online form. Online …
  
  19/11/2018
- Top 15 Common Selenium Exceptions You’ve Probably Seen
  
  During every automation testing processes in Selenium, you may come across many scenarios that are not common. Those are called “exceptions,” and are inevitable when you execute your test cases even with other automation testing tools such as Katalon Studio. Nevertheless, …
  
  08/11/2018
- The Role of DevOps & Machine Learning in App Performance Management
  
  There has been a lot of hype around machine learning, and quite often, this hype has gone over the board. However, the application performance management has demonstrated itself as a successful case of DevOps and machine learning. The reason behind …
  
  06/11/2018
- Link Real User Journeys and AI-Assisted Techniques to Improve Quality
  
  To keep up with DevOps, testing and QA teams typically adopt a shift-up approach to move quality further up the software development lifecycle. The goal is to complete system testing, integration testing, and user acceptance testing (UAT) to ensure a …
  
  01/11/2018
- Qualibrate at EuroSTAR
  
  Qualibrate: making testing superheroes Qualibrate will be exhibit in EuroSTAR 2018. Come and visit us at booth #30 and book your QA session with our experts. During the event you will be able to see how simple it is to …
  
  26/10/2018
- Best Tips for Improving Software Testing Communication
  
  Do you invest excessively energy sitting in meetings providing or getting team updates? Does your testing team get a huge amount of messages and assembles and conference welcomes? Does your team give a huge amount of detail to stakeholders, yet …
  
  25/10/2018
- Top 6 DXRacer Gaming Chairs in 2018
  
  The best gaming chair can last you close to a decade or more, and with that said, you want to consider the best of the best chairs to suit your needs. DXRacer is such a renowned brand of gaming chairs …
  
  24/10/2018
- 8 Advantages of a JIRA MS Project Integration
  
  If you are a project manager or team leader you probably use Microsoft Project to keep your teams and projects organized and scheduled.After more than 20 years on the market, MS Project is still the preferred project management tool by …
  
  18/10/2018
- The Analytics Magnifying Test Automation Process
  
  The manner in which associations develop software has changed essentially over the last couple of years. From agile to DevOps to continuous everything, developers are running quicker and developing more substance in less time. As a tester, you must keep up. …
  
  15/10/2018
- Getting started with Cucumber BDD for Automation Testing
  
  In recent years, there have been more software teams increasingly implementing the Agile software methodology in their development process to adapt to this fast-changing market. This trend challenges testing teams to manage test cases and test scripts which have to …
  
  11/10/2018
- Why You Should Consider Agile Software Company for Your IT Needs
  
  Jeff Sutherland innovates Scrum, the technique to manage the project in the most flexible method. It is a framework which gives agility in the process and adaptability whenever needed. Many technology scholars are in favour of Scrum implementation which makes …
  
  10/10/2018
- 6 Softwares That Can Help Your Salon Business Grow
  
  Sometimes, it can seem impossible to balance business work without having a smart alternative. Especially in salon businesses, clients always look for the best and you can’t disappoint your customers. Hence, salon software becomes a priority in order to …
  
  08/10/2018
- The Future of VR
  
  The definition of virtual reality comes from both ‘virtual’ and ‘reality’. It is a combination of ‘virtual’ and the reality which we experience as human beings. So the term ‘virtual reality’ basically means ‘near-reality’. This so called near reality is a growing technology and …
  
  03/10/2018
- The Guide To Pursuing a Full Agile Software Lifecycle
  
  Times change quickly, as do the trends associated with them. It wasn’t long ago that everyone was hurrying to adopt an agile or scrum methodology. Now, CICD and DevOps are the enviable strategies. With organizations constantly working to improve their …
  
  01/10/2018
- QA process Maturity: A Buzzword or Meaningful Effort?
  
  A mature QA process provides clear procedures for managing project risks, the toughest of them being missed deadlines and unhappy customers. However, many teams consider it a complex effort that only takes up valuable time that could be put to …
  
  26/09/2018
- DevOps Jobs: Tips for Finding the Perfect Job in DevOps
  
  There isn’t a single industry today that don’t utilize technology in one form or another. There is a growing demand for people who are knowledgeable in developing a software or an application, automation, building websites and running network operations. Are …
  
  24/09/2018
- Jira Training – How to Customise JIRA For Test Case Management
  
  How to Customise JIRA For Test Case Management Learning how to create an CI environment to develop Jira products First of all, I will put you in context: Jira is an Atlassian product, so we will use as “atlassian” products …
  
  20/09/2018
- How to Design an Elearning Course
  
  eLearning has taken the world by storm as a rapidly rising number of businesses and educational institutes unlock the power of online learning. The benefits of eLearning have made it a hot trend in today’s society. There’s no doubt it …
  
  18/09/2018
- Writing a QA Software Tester Resume: Tips and Tricks
  
  Getting an interview requires writing a resume that stands out and gets the hiring manager’s attention. If you get off to a bad start, chances are your resume is getting chucked. You also need to be confident that your resume …
  
  18/09/2018
- Will AI kill Software Testing? Here’s why it won’t
  
  When it comes to movies or TV shows genre, Sci-Fi is my personal favorite. And in Sci-Fi section the thing which excites me the most is the battle between the AI vs Humans. Where, the AI has gone out of …
  
  17/09/2018
- Define Your Test Strategy Because Agile Does Not Mean Unstructured
  
  You can imagine a test strategy as a map. It should help you to easily find your place. You can manage even without the map; however, your journey can be long enough so that you run out of your stamina …
  
  12/09/2018
- Top Fixes For Your Banking App Crash Problem!
  
  In their generally new role as a mobile application and Mobile web engineers, banks are hitting numerous hindrances, glitches, 404 errors, slow response times, and so many internet banking problems that drive clients to dissatisfaction and in some cases move to the …
  
  11/09/2018
- Are RPA Tools Your Best Choice For Test Automation?
  
  Is RPA Going to Replace Human work? Robotic Process Automation, or RPA, is the technology that enables the creation of a virtual workforce, also called software bots, to emulate human execution of repetitive and rule-based processes. This can only …
  
  28/08/2018
- What is Correlation in Performance Testing
  
  Correlation in performance testing is used to account for dynamic values. Many web applications have dynamic data that changes every time the user runs that web application. Web applications often need to track user’s interactions as they navigate through their …
  
  02/01/2017
- How Safe Are You? Ransomware and Cybersecurity
  
  Are you a computer savvy who understands everything about malware? If you are, then you probably understand the turn of events in May 2017. If you are not, on the other hand, then you must be intrigued by the events …
  
  21/03/2019
Mailing List
Keep in Touch

Subscribe to our newsletter by submitting your email address below
Email

Zen And The Art Of Security Testing

Paco Hope (Cigital, UK)

Leave a Reply Cancel reply

Agile Testing vs. Waterfall Testing

A Little Microsoft Programming History

Does Automation Testing Help in Speeding Up your Processes?

10 software Testing Tools to Watch out in 2019

Automation Testing – Open Source tools for Mobile Apps

Emerging Trend Analysis – What is Digital Performance Management?

When will robots replace teachers?

Thoughts Behind Cloud Testing Approach

5 Key Benefits of Using Meteor.js for Mobile App Development Projects

Software Testing Trends: What’s New in 2019?

Overview of C# Object Oriented Programming

4 Epic Ways to Test A Mobile Application

7 App Development Trends to Watch in 2019 and Beyond

5 free tools for successfully running a team seamlessly

10 Tips to Become a Better Java Developer in 2019

Automation Testing – Open Source tools for Mobile Apps

2 for 1 Tickets to EuroSTAR Conference

4 Benefits of Implementing SAP Software

To Be or Not To Be: Top 6 Certifications for QA Testing Professionals

Digital Mesh Testing, a Thought

Unconventional Wisdom V15: Test Effectiveness

Defining Ideal QA Process – A journey of Mounting a CLIFF

4 Popular Enterprise Software Trends You Need To Know About in 2019

8 Key Points of Agile Testing Marketing Management

The DevOps Questioneer

Top 10 Excel Functions That You Should Know to Test Your Software Easier

The Chatbot Apocalypse: Is it so Bad as You Think?

3 Ways to Build A Mobile Application Without Tech Skills

Mastering the Art of Software Performance Testing

4 Online Talks: Register Now!

The Importance of a Project Manager’s Professional Development

eBook: Bloated Automation!

How to optimize the Testing Process and Reduce Development Costs

5 Ways Big Data and CRM Collaboration Benefits Businesses

8 Views on How to Test Software

How To Make App Store Optimization More Effective?

Pros and Cons of Agile Testing

6 Steps to Eradicate Mistakes Using Mobile Test Automation Strategy

Dynamics 365 marketing encompasses everything that the millennials need!

Web Design Usability Tips for Online Forms

Top 15 Common Selenium Exceptions You’ve Probably Seen

The Role of DevOps & Machine Learning in App Performance Management

Link Real User Journeys and AI-Assisted Techniques to Improve Quality

Qualibrate at EuroSTAR

Best Tips for Improving Software Testing Communication

Top 6 DXRacer Gaming Chairs in 2018

8 Advantages of a JIRA MS Project Integration

The Analytics Magnifying Test Automation Process

Getting started with Cucumber BDD for Automation Testing

Why You Should Consider Agile Software Company for Your IT Needs

6 Softwares That Can Help Your Salon Business Grow

The Future of VR

The Guide To Pursuing a Full Agile Software Lifecycle

QA process Maturity: A Buzzword or Meaningful Effort?

DevOps Jobs: Tips for Finding the Perfect Job in DevOps

Jira Training – How to Customise JIRA For Test Case Management

How to Design an Elearning Course

Writing a QA Software Tester Resume: Tips and Tricks

Will AI kill Software Testing? Here’s why it won’t

Define Your Test Strategy Because Agile Does Not Mean Unstructured

Top Fixes For Your Banking App Crash Problem!

Are RPA Tools Your Best Choice For Test Automation?

What is Correlation in Performance Testing

How Safe Are You? Ransomware and Cybersecurity

Mailing List

Keep in Touch