Skip to main content

Paco Hope


A principal consultant for Cigital, Paco Hope has deep experience in securing software and systems. Paco’s experience covers web applications, online gaming, embedded devices, lotteries, and business-to-business transaction systems. He has worked with small startups and large enterprises in architecture risk analysis, secure code review, penetration testing, and other consulting. Acting president of the London Chapter of (ISC)², Paco serves on (ISC)²'s Application Security Advisory Board, authoring questions for the CISSP and CSSLP certifications. He coauthored the Web Security Testing Cookbook, Mastering FreeBSD and OpenBSD Security, and a chapter of Building Security In.

Speaker Presentations
Thursday, October 16, 2014 - 4:15pm
Softwarts: Security Testing for Muggles

Security testing is often shrouded in jargon and mystique. Security conjurers perform arcane rites using supposed “black hat” techniques and would have us believe that we cannot do the same. The fact is that security testing “magic” is little more than specialized application of exploratory test techniques we already understand. In this Defense against the Black Hats, Paco Hope dispels the myth that security testing is a magical art. By deconstructing security activities into techniques we already know well, we expand our testing. Security tests can be seamlessly woven into our existing test practices with just a bit of straightforward effort. Glittering gold security bugs can be tracked and managed right alongside the mundane, garden-variety functional ones. The knowledge that we need to do meaningful security testing is accessible and can be learned. If you can test functionality, you can test security. When our day-to-day tests include security too, our software does not fall prey to the hackers’ sleight-of-hand and conjurers’ tricks.