Thursday, May 7, 2015 - 1:30pm - 2:30pm
Security
T17

Security Testing: What Testers Can Do

Thousands of times each day, network perimeter security defenses fail to recognize new and obfuscated attacks. Rather than attempting to build security firewalls, Declan O'Riordan asserts that project teams must design, code, and test security into applications, and that requires skills that are in short supply. As testers, we need to recognize which security tests we can perform and which require delegation to experts. Let's stop our passive acceptance of designs that are weak on security and instead analyze the security features before we plan the system testing. As a tester, examine how the developers are coding, and verify their use of secure coding guidelines. Work through a security testing example and identify its authentication, access control, and session management functionality. Acquire the skill to distinguish the tests you can handle (e.g., incomplete validation of credentials and unprotected functionality) from the tests you need to delegate to experts (e.g., brute-force login and predictable session tokens).

Declan O'Riordan, Test and Verification Solutions

Although he had never spoken in public before 2014, Declan O’Riordan set goals of being accepted as a speaker for EuroSTAR, winning the prize for best conference paper, and having his talk voted the session that attendees would most like repeated. He achieved these goals and joined the 2015 EuroSTAR programme committee. Declan says his success was a result of taking on security testing and making it an integral part of the whole SDLC on all projects on which he was test manager.
