Softwarts: Security Testing for Muggles
Security testing is often shrouded in jargon and mystique. Security conjurers perform arcane rites using supposed “black hat” techniques and would have us believe that we cannot do the same. The fact is that security testing “magic” is little more than specialized application of exploratory test techniques we already understand. In this Defense against the Black Hats, Paco Hope dispels the myth that security testing is a magical art. By deconstructing security activities into techniques we already know well, we expand our testing. Security tests can be seamlessly woven into our existing test practices with just a bit of straightforward effort. Glittering gold security bugs can be tracked and managed right alongside the mundane, garden-variety functional ones. The knowledge that we need to do meaningful security testing is accessible and can be learned. If you can test functionality, you can test security. When our day-to-day tests include security too, our software does not fall prey to the hackers’ sleight-of-hand and conjurers’ tricks.