Security Testing

Tutorials

TO Security Testing for Test Professionals
Jeffery Payne, Coveros, Inc.
Tue, 06/09/2015 - 1:00pm

Your organization is doing well with functional, usability, and performance testing. However, you know that software security is a key part of software assurance and compliance strategy for protecting applications and critical data. Left undiscovered, security-related defects can wreak havoc in a system when malicious invaders attack. If you don’t know where to start with security testing and don’t know what you are—or should be—looking for, this tutorial is for you. Jeffery Payne describes how to get started with security testing, introducing foundational security testing concepts and showing you how to apply those concepts with free and commercial tools and resources. Offering a practical risk-based approach, Jeffery discusses why security testing is important, how to use security risk information to improve your test strategy, and how to add security testing into your software development lifecycle. You don’t need a software security background to benefit from this important session.

Concurrent Sessions

BW12 Tips and Tricks for Building Secure Mobile Apps
Jeffery Payne, Coveros, Inc.
Wed, 06/10/2015 - 2:45pm

Mobile application development is now a mission-critical component of many IT organizations. Due to the security threats associated with mobile devices, it is critical that mobile applications are built—from the ground up—to be secure. However, many application developers and testers do not understand how to build and test secure mobile applications. Jeffery Payne discusses the risks associated with mobile platforms/applications and describes best practices for ensuring mobile applications are secure. Jeffery discusses the unique nuances of mobile platforms and how these differences impact the security approach that must be taken when building mobile applications. Topics such as session management, data encryption, securing legacy code, and platform security models are presented. Learn what to watch out for when building mobile applications, and leave with tips and tricks for effectively securing your apps.

BT7 Privacy and Data Security: Minimizing Reputational and Legal Risks
Tatiana Melnik, Melnik Legal, PLCC
Thu, 06/11/2015 - 11:30am

Privacy and data security are hot topics among United States federal and state regulators—as well as plaintiffs’ lawyers. Companies experiencing data breaches have been fined millions of dollars, paid out millions in settlements, and spent just as much on breach remediation efforts. In the past several years, data breaches have occurred in the hospitality, software, retail, and healthcare industries. Join Tatiana Melnik to see how stakeholders can minimize data breach risks, as well as privacy and security concerns, by integrating the Privacy by Design model into the software development lifecycle. To understand how to minimize risks, stakeholders must understand the regulatory compliance scheme surrounding personally identifiable information; the Privacy by Design approach and the Federal Trade Commission’s involvement; and enforcement actions undertaken by federal agencies, State Attorneys General, and class action suits filed by plaintiffs.
