STAREAST 2022 - Security Testing
Tuesday, April 26
Web Security Testing: The Basics and More
Web applications are often security critical or serve as front-ends for security critical applications, making web testing for vulnerabilities an essential part of software testing. Unfortunately, most software testers have not been taught how to identify web security issues while testing applications. Join Derek Evans as he shares what you need to know to security test web-based applications as part of your overall testing process. Learn about the most common web security vulnerabilities and how they are introduced into web code and exploited by hackers. Explore test techniques for...
Thursday, April 28
Raiders of the Lost AppSec
Remember the Indiana Jones movies? For those in infosec and security trying to navigate these days seems a lot like those movies. For instance, right from the very start of the series, we are shown how defense-in-depth is not enough - or have you forgotten that Indy escaped with the idol? Or how about how many of us, trying to keep up with threats, can relate to Indy, when going after a truck, said “I don’t know, I’m making this up as I go!”? And can't we ALL relate to trying to find the Security Holy Grail to help manage and mitigate risk – and felt the pain and scars from someone...
Enhance AppSec Maturity and Outcomes Using DevSecOps Metrics
Building a mature AppSec program is critical to the success of any product in managing the most vulnerable areas of the application. How can we ensure that the DevSecOps pipeline implemented is working effectively? The paper answers them by highlighting the key measures for every CISO to monitor and track the effectiveness of the AppSec maturity. The effective outcomes were measured by tracking 6 key metrics to validate if DevSecOps is successfully implemented. When done right, DevSecOps goes well beyond “shifting security left” to “shifting security everywhere” ensuring application is...