STARWEST 2019 - Security Testing
Tuesday, October 1
Web Security Testing: The Basics and More
Web applications are often security-critical or serve as front-ends for security-critical applications, making web testing for vulnerabilities an essential part of software testing. Unfortunately, most software testers have not been taught how to identify web security issues while testing applications. Join Jeffery Payne as he shares what you need to know to security test web-based applications as part of your overall testing process. Learn about the most common web security vulnerabilities and how they are introduced into web code and exploited by hackers. Explore test techniques for...
Wednesday, October 2
QADevSecOps: Leading a Quality-Driven DevOps Transformation
Have you wondered where QA professionals fit into a DevSecOps transformation? Stacy Kirk thinks they should champion the transformation. Regardless of where your company is on its journey to DevSecOps, quality must be at the forefront for optimal effectiveness and customer value. This means promoting feedback loops that use monitoring and reporting tools effectively, and most importantly, it means creating a culture of collaborative communication and continuous improvement. The role of the QADevSecOps practitioner must evolve from ensuring the quality of software to assessing the...
Continuous Application Security Testing
Because of its specialized nature, many aspects of application security testing are often assigned to testers from another team or another company, and they may be brought in to perform a point-in-time assessment prior to a release. Your team is interested in implementing continuous deployment, and automation seems like the obvious answer. But when attempting to automate your security tests, you may run into a wide variety of challenges beyond simply adding a tool into your build system. Josh Gibbs will discuss how to choose what to test, how to avoid slow tests, how to keep...
Thursday, October 3
Large-Scale DevSecOps: Bringing Security Confidence to Chaotic Development
Implementing application security (AppSec) programs on a large scale can often seem chaotic and unwieldy. Without the proper knowledge to implement robust AppSec tools, DevSecOps on a large scale can be overwhelming. And with the countless number of customizable build, task-tracking, and CI integration systems available, many companies don’t know where to begin implementation of DevSecOps. Join Dennis Hurst as he shares the knowledge necessary to wield powerful AppSec tools based on his experience with a variety of large corporate clients. Dennis will discuss common pitfalls and...