STAREAST 2022 Tutorial: Web Security Testing: The Basics and More


Tuesday, April 26, 2022 - 8:30am to 12:00pm

Web Security Testing: The Basics and More

Web applications are often security-critical or serve as front-ends for security-critical applications, making web testing for vulnerabilities an essential part of software testing. Unfortunately, most software testers have not been taught how to identify web security issues while testing applications. Join Derek Evans as he shares what you need to know to security test web-based applications as part of your overall testing process. Learn about the most common web security vulnerabilities and how they are introduced into web code and exploited by hackers. Explore test techniques for ensuring that common security features are tested; learn how to identify key security risks within web applications; and find out about security testing techniques and tools to mitigate them. See examples of common web security vulnerabilities and how to identify them. Take home a compendium of tools and techniques to test the security of your web applications going forward.

Derek Evans

Derek Evans has been in the application security sector for 15 years, working in eight different industries and rising through the ranks to serve as AppSec and DevOps director. At the tactical level, he has worked to advise clients on implementation and maturity of their software security initiatives, security assessment programs (penetration testing, DAST, SAST, SCA, threat modeling, IAST, etc.), integration of security activities in the SDLC and CI/CD automated pipelines, and software security risk management. As a Managing Consultant, Derek is responsible for delivery of services and for technical leadership.