Home / resources / non-functional-testing / zen-and-the-art-of-security-testing

Zen And The Art Of Security Testing

Reading Time: 1 minute

Some security experts would tell you that security testing is very different from functional or non-functional software testing. They are wrong. Having worked on both sides, Paco gives 3 specific recommendations for how testers can make significant contributions to the security of their software and applications by making small changes to the way they do their software testing. The first technique has to do with selecting points in the user journey that are ripe for security testing. The second is to leverage some common free tools that enable security tests. The final technique is adjusting old school boundary value testing and equivalence class partitioning to incorporate security tests. The result is a lot of security testing done and issues fixed long before any security specialists arrive.

Key Takeaways:

Great places in the user journey to inject security tests
Ways to augment existing test approaches to cover security concerns
Typical security tools that are free, cheap, and easy for software testers

Paco Hope (Cigital, UK)

Author of two security books and frequent conference speaker, Paco Hope is a Principal Consultant with Cigital Ltd and has been working in the field of software security for nearly 15 years. Paco helps clients in the financial, retail, and online gaming industries build secure software by performing source code review and architectural risk analysis. He is also a member of an advisory council with (ISC)² and serves as a subject matter expert for the CISSP and CSSLP security certifications.

Twitter – @pacohope

Leave a Reply Cancel reply

You must be logged in to post a comment.

News from our blog
- 4 Online Talks: Register Now!
  
  LISTEN, LEARN, ENGAGE REGISTER NOW!! We are really excited to announce our new series with UKSTAR. We are running a series of online talks over 1 day where we will be joined by the best in the software testing business, …
  
  18/01/2019
- The Importance of a Project Manager’s Professional Development
  
  In the field of project management, there are various opportunities that exist in this field. You will notice that in any organisation projects usually comes and go, but the project manager keeps on working for new opportunities. But sometimes, project …
  
  17/01/2019
- eBook: Bloated Automation!
  
  This year, time to invest in yourself and your test automation… For many software-producing organizations, test automation is—or is quickly becoming—a cornerstone of their software development processes. Development teams are increasingly relying on automated checks to ensure that software that …
  
  16/01/2019
- Defining The Perfect Roadmap for Customer Engagement Through Dynamics 365
  
  There are a lot of ways by which a customer engages with a business which doesn’t just fall inside the sales category. These other interactions the customer has with the business or the product also plays a major role in shaping …
  
  16/01/2019
- How to optimize the Testing Process and Reduce Development Costs
  
  Testing is an important part of the development process, as it helps developers to fix potential issues that might cause poor user experience or functional difficulties. In order to market a product with success, and avoid loss of revenue, one …
  
  14/01/2019
- 5 Ways Big Data and CRM Collaboration Benefits Businesses
  
  Big Data; a driving force for large organisations, when leveraged by a CRM can result in massive returns. The immense data churned out on a daily basis is a valuable asset that can be used to modulate Business processes. Big …
  
  10/01/2019
- 8 Views on How to Test Software
  
  In order to market a certain software product successfully, you need to make sure that all the product features are working correctly. Quality assurance is possible only through the software testing process, as it’s the only way to know that …
  
  09/01/2019
- How To Make App Store Optimization More Effective?
  
  Whenever the term ASO comes, there are two categories of people, one who admit that they have no clue about it, and the others explain to you that ASO is similar to SEO for App stores. The latter is not …
  
  07/01/2019
- Test Suite and Test Redundancy: How Your Watchmen Have Turned Against You
  
  It is an empirical fact that code duplication (or non-DRY code) raises technical debt, which in turn causes undesired maintenance issues for software projects especially in your test suites. Additionally, non-DRY code can potentially increase the likelihood of introducing software …
  
  04/01/2019
- Share Your Resolution List to Inspire & Win
  
  Oh, 2018… You were one fantastic year for sure. So many memories made, so many Huddle friendships created. It’s hard to believe you are over. But for many testers , the year 2019 couldn’t come any sooner, as this is …
  
  02/01/2019
- Pros and Cons of Agile Testing
  
  Ever wondered what is an Agile Methodology and Agile testing? How does it help a project? In lucid terms, an Agile Methodology is a process which emphasizes enhancing the development life cycle of a particular project. In comparison to the …
  
  02/01/2019
- 6 Steps to Eradicate Mistakes Using Mobile Test Automation Strategy
  
  Mobile testing is a very critical area for businesses. Therefore, teams are working to make it effective by incorporating automation strategies. There is an extensive range of automation tools available in the market. So, there are many chances of going …
  
  14/12/2018
- Dynamics 365 marketing encompasses everything that the millennials need!
  
  Microsoft Dynamics 365 is known to be a front-runner when it comes to topnotch, and latest CRM solutions for a business. However, the best part about this tool is that it is not only restricted to customer support or …
  
  12/12/2018
- Web Design Usability Tips for Online Forms
  
  Generating a healthy number of hits on your website is a great start on the path to success – however, in order to extract full value from your growing audience, your website will need to include an online form. Online …
  
  19/11/2018
- Top 15 Common Selenium Exceptions You’ve Probably Seen
  
  During every automation testing processes in Selenium, you may come across many scenarios that are not common. Those are called “exceptions,” and are inevitable when you execute your test cases even with other automation testing tools such as Katalon Studio. Nevertheless, …
  
  08/11/2018
- The Role of DevOps & Machine Learning in App Performance Management
  
  There has been a lot of hype around machine learning, and quite often, this hype has gone over the board. However, the application performance management has demonstrated itself as a successful case of DevOps and machine learning. The reason behind …
  
  06/11/2018
- Link Real User Journeys and AI-Assisted Techniques to Improve Quality
  
  To keep up with DevOps, testing and QA teams typically adopt a shift-up approach to move quality further up the software development lifecycle. The goal is to complete system testing, integration testing, and user acceptance testing (UAT) to ensure a …
  
  01/11/2018
- Qualibrate at EuroSTAR
  
  Qualibrate: making testing superheroes Qualibrate will be exhibit in EuroSTAR 2018. Come and visit us at booth #30 and book your QA session with our experts. During the event you will be able to see how simple it is to …
  
  26/10/2018
- Best Tips for Improving Software Testing Communication
  
  Do you invest excessively energy sitting in meetings providing or getting team updates? Does your testing team get a huge amount of messages and assembles and conference welcomes? Does your team give a huge amount of detail to stakeholders, yet …
  
  25/10/2018
- Top 6 DXRacer Gaming Chairs in 2018
  
  The best gaming chair can last you close to a decade or more, and with that said, you want to consider the best of the best chairs to suit your needs. DXRacer is such a renowned brand of gaming chairs …
  
  24/10/2018
- 8 Advantages of a JIRA MS Project Integration
  
  If you are a project manager or team leader you probably use Microsoft Project to keep your teams and projects organized and scheduled.After more than 20 years on the market, MS Project is still the preferred project management tool by …
  
  18/10/2018
- The Analytics Magnifying Test Automation Process
  
  The manner in which associations develop software has changed essentially over the last couple of years. From agile to DevOps to continuous everything, developers are running quicker and developing more substance in less time. As a tester, you must keep up. …
  
  15/10/2018
- Getting started with Cucumber BDD for Automation Testing
  
  In recent years, there have been more software teams increasingly implementing the Agile software methodology in their development process to adapt to this fast-changing market. This trend challenges testing teams to manage test cases and test scripts which have to …
  
  11/10/2018
- Why You Should Consider Agile Software Company for Your IT Needs
  
  Jeff Sutherland innovates Scrum, the technique to manage the project in the most flexible method. It is a framework which gives agility in the process and adaptability whenever needed. Many technology scholars are in favour of Scrum implementation which makes …
  
  10/10/2018
- 6 Softwares That Can Help Your Salon Business Grow
  
  Sometimes, it can seem impossible to balance business work without having a smart alternative. Especially in salon businesses, clients always look for the best and you can’t disappoint your customers. Hence, salon software becomes a priority in order to …
  
  08/10/2018
- The Future of VR
  
  The definition of virtual reality comes from both ‘virtual’ and ‘reality’. It is a combination of ‘virtual’ and the reality which we experience as human beings. So the term ‘virtual reality’ basically means ‘near-reality’. This so called near reality is a growing technology and …
  
  03/10/2018
- The Guide To Pursuing a Full Agile Software Lifecycle
  
  Times change quickly, as do the trends associated with them. It wasn’t long ago that everyone was hurrying to adopt an agile or scrum methodology. Now, CICD and DevOps are the enviable strategies. With organizations constantly working to improve their …
  
  01/10/2018
- QA process Maturity: A Buzzword or Meaningful Effort?
  
  A mature QA process provides clear procedures for managing project risks, the toughest of them being missed deadlines and unhappy customers. However, many teams consider it a complex effort that only takes up valuable time that could be put to …
  
  26/09/2018
- DevOps Jobs: Tips for Finding the Perfect Job in DevOps
  
  There isn’t a single industry today that don’t utilize technology in one form or another. There is a growing demand for people who are knowledgeable in developing a software or an application, automation, building websites and running network operations. Are …
  
  24/09/2018
- Jira Training – How to Customise JIRA For Test Case Management
  
  How to Customise JIRA For Test Case Management Learning how to create an CI environment to develop Jira products First of all, I will put you in context: Jira is an Atlassian product, so we will use as “atlassian” products …
  
  20/09/2018
- How to Design an Elearning Course
  
  eLearning has taken the world by storm as a rapidly rising number of businesses and educational institutes unlock the power of online learning. The benefits of eLearning have made it a hot trend in today’s society. There’s no doubt it …
  
  18/09/2018
- Writing a QA Software Tester Resume: Tips and Tricks
  
  Getting an interview requires writing a resume that stands out and gets the hiring manager’s attention. If you get off to a bad start, chances are your resume is getting chucked. You also need to be confident that your resume …
  
  18/09/2018
- Will AI kill Software Testing? Here’s why it won’t
  
  When it comes to movies or TV shows genre, Sci-Fi is my personal favorite. And in Sci-Fi section the thing which excites me the most is the battle between the AI vs Humans. Where, the AI has gone out of …
  
  17/09/2018
- Define Your Test Strategy Because Agile Does Not Mean Unstructured
  
  You can imagine a test strategy as a map. It should help you to easily find your place. You can manage even without the map; however, your journey can be long enough so that you run out of your stamina …
  
  12/09/2018
- Top Fixes For Your Banking App Crash Problem!
  
  In their generally new role as a mobile application and Mobile web engineers, banks are hitting numerous hindrances, glitches, 404 errors, slow response times, and so many internet banking problems that drive clients to dissatisfaction and in some cases move to the …
  
  11/09/2018
- Are RPA Tools Your Best Choice For Test Automation?
  
  Is RPA Going to Replace Human work? Robotic Process Automation, or RPA, is the technology that enables the creation of a virtual workforce, also called software bots, to emulate human execution of repetitive and rule-based processes. This can only …
  
  28/08/2018
Mailing List
Keep in Touch

Subscribe to our newsletter by submitting your email address below
Email

<<	Jan 2019					>>
Mon	Tue	Wed	Thu	Fri	Sat	Sun
31	1	2	3	4	5	6
7	8	9	10	11	12	13
14	15	16	17	18	19	20
21	22	23	24	25	26	27
28	29	30	31	1	2	3

Zen And The Art Of Security Testing

Paco Hope (Cigital, UK)

Leave a Reply Cancel reply

4 Online Talks: Register Now!

The Importance of a Project Manager’s Professional Development

eBook: Bloated Automation!

Defining The Perfect Roadmap for Customer Engagement Through Dynamics 365

How to optimize the Testing Process and Reduce Development Costs

5 Ways Big Data and CRM Collaboration Benefits Businesses

8 Views on How to Test Software

How To Make App Store Optimization More Effective?

Test Suite and Test Redundancy: How Your Watchmen Have Turned Against You

Share Your Resolution List to Inspire & Win

Pros and Cons of Agile Testing

6 Steps to Eradicate Mistakes Using Mobile Test Automation Strategy

Dynamics 365 marketing encompasses everything that the millennials need!

Web Design Usability Tips for Online Forms

Top 15 Common Selenium Exceptions You’ve Probably Seen

The Role of DevOps & Machine Learning in App Performance Management

Link Real User Journeys and AI-Assisted Techniques to Improve Quality

Qualibrate at EuroSTAR

Best Tips for Improving Software Testing Communication

Top 6 DXRacer Gaming Chairs in 2018

8 Advantages of a JIRA MS Project Integration

The Analytics Magnifying Test Automation Process

Getting started with Cucumber BDD for Automation Testing

Why You Should Consider Agile Software Company for Your IT Needs

6 Softwares That Can Help Your Salon Business Grow

The Future of VR

The Guide To Pursuing a Full Agile Software Lifecycle

QA process Maturity: A Buzzword or Meaningful Effort?

DevOps Jobs: Tips for Finding the Perfect Job in DevOps

Jira Training – How to Customise JIRA For Test Case Management

How to Design an Elearning Course

Writing a QA Software Tester Resume: Tips and Tricks

Will AI kill Software Testing? Here’s why it won’t

Define Your Test Strategy Because Agile Does Not Mean Unstructured

Top Fixes For Your Banking App Crash Problem!

Are RPA Tools Your Best Choice For Test Automation?

Mailing List

Keep in Touch