Raising the Testing Bar with Cybersecurity

Sara Martinez Giner

SDET Lead - Telefonica Tech, Spain

Cyberattacks are increasing tremendously. Informally, firms can be divided into two categories: those that have suffered a cyberattack and those that are going to suffer one. How, then, can testers like us contribute in this harsh environment? Can we really prevent certain critical scenarios without being cybersecurity experts?

To start, I’ll review and explain some recent cyberattacks covered in the media. This introduction will be crucial to understanding the main vulnerabilities and risks that our products are going to be exposed to throughout their lifetime. It is clear that at this point, as testers, we need to take action. Based on this, automation and tool integration will be required during the Secure Software Development Life Cycle (SSDLC).

I will include tips, examples, tools and a demo to show how such work environments give teams agility and expertise and, ultimately, simplify some certification processes for their products against major standards like ISO 27001.

With all of that information at hand, and applying our testing expertise to new skills and tools, a few mitigations will be developed in order to encourage the use of static code analysis to find vulnerabilities, to find data sets that force critical use cases, etc. In other words, to lead a cybersecurity culture and strategy in our team.

What you will Learn

  1. OWASP
  2. Security Testing Tools
  3. Security Culture

This talk was part of our AutomationSTAR Virtual Day 2024. EuroSTAR Huddle shares talks and articles from our community. Check out our library of online talks from test experts and come together with the community in-person at the annual EuroSTAR Software Testing Conference. The EuroSTAR Conference has been running since 1993 and is the largest testing event in Europe, welcoming 1000+ software testers and QA professionals every year.
