Security | STARWEST

Tutorials

Jennifer Bonine, tap|QA, Inc.

Mon, 10/13/2014 - 8:30am

Have you ever needed a way to measure your leadership IQ? Or been in a performance review where the majority of time was spent discussing your need to improve as a leader? If you have ever wondered what your core leadership competencies are and how to build on and improve them, Jennifer Bonine shares a toolkit to help you do just that.

ML Innovation Thinking: Evolve and Expand Your Capabilities SOLD OUT

Jennifer Bonine, tap|QA, Inc.

Mon, 10/13/2014 - 1:00pm

Innovation is a word frequently tossed around in organizations today. The standard clichés are do more with less and be creative. Companies want to be innovative but often struggle with how to define, implement, prioritize, and track their innovation efforts. Using the Innovation to Types model, Jennifer Bonine will help you transform your thinking regarding innovation and understand if your team and company goals match their innovation efforts. Learn how to classify your activities as "core" (to the business) or "context" (essential, but non-revenue generating).

TL Security Testing for Test Professionals

Jeff Payne, Coveros, Inc.

Tue, 10/14/2014 - 1:00pm

Today’s software applications are often security critical, making security testing an essential part of a software quality program. Unfortunately, most testers have not been taught how to effectively test the security of the software applications they validate. Join Jeff Payne as he shares what you need to know to integrate effective security testing into your everyday software testing activities. Learn how software vulnerabilities are introduced into code and exploited by hackers. Discover how to define and validate security requirements.

Concurrent Sessions

W5 Growing into Leadership

Peter Walen, Gordon Food Service

Wed, 10/15/2014 - 11:30am

Pete Walen is not going to tell you how to be a good test manager. Instead, Pete shares ideas on becoming a true leader. While some managers certainly are leaders, testers of all varieties and experience levels can become leaders. Developing technical leadership skills, regardless of job title, involves overcoming our own uncertainties, self-doubts, and perceptions. Learning to foster relationships while perfecting our craft is a challenge for everyone, particularly when others look to us to be an expert—even when we don’t feel like one.

T18 Testing Application Security: The Hacker Psyche Exposed

Mike Benkovich, Imagine Technologies, Inc.

Thu, 10/16/2014 - 1:30pm

Computer hacking isn’t a new thing, but the threat is real and growing even today. It is always the attacker’s advantage and the defender’s dilemma. How do you keep your secrets safe and your data protected? In today’s ever-changing technology landscape, the fundamentals of producing secure code and systems are more important than ever. Exploring the psyche of hackers, Mike Benkovich exposes how they think, reveals common areas where they find weakness, and identifies novel ways to test your defenses against their threats.

T24 Testing API Security: A Wizard’s Guide

Ole Lensmar, SmartBear Software

Thu, 10/16/2014 - 3:00pm

As we've seen in recurring events in the past year, web services APIs are a primary target for security attacks—and the consequences can be catastrophic for both API providers and end users. Stolen passwords, leaked credit card numbers, and revealed private messages and photos are just some of the headaches awaiting those who have been compromised. Ole Lensmar puts on his hacker-cloak to show how attackers break systems via web service APIs with fuzzing, session spoofing, injection attacks, cross-site scripting, and other methods.

Keynotes

K5 Softwarts: Security Testing for Muggles

Paco Hope, Cigital

Thu, 10/16/2014 - 4:15pm

Security testing is often shrouded in jargon and mystique. Security conjurers perform arcane rites using supposed “black hat” techniques and would have us believe that we cannot do the same. The fact is that security testing “magic” is little more than specialized application of exploratory test techniques we already understand. In this Defense against the Black Hats, Paco Hope dispels the myth that security testing is a magical art. By deconstructing security activities into techniques we already know well, we expand our testing.