STARWEST 2022 - Security Testing

Web applications are often security critical or serve as front-ends for security critical applications, making web testing for vulnerabilities an essential part of software testing. Unfortunately, most software testers have not been taught how to identify web security issues while testing applications. Join Tom Stiehm as he shares what you need to know to security test web-based applications as part of your overall testing process. Learn about the most common web security vulnerabilities and how they are introduced into web code and exploited by hackers. Explore test techniques for...

End of 2021 Log4Shell ruined many Christmas holidays for developers, architects, ITOps and especially Dev(Sec)Ops teams. How did this incident help us strengthen our software supply chain? How have DevSecOps adopted their delivery and operations orchestration to prevent using vulnerable code or react faster once a new breach is detected?

In this session we cover stories from DevSecOps teams that were on the frontlines when Log4Shell hit. We look into application security approaches and tools to detect vulnerabilities during testing, delivery as well as in production and see how...

Maturing a new organization's quality practices, while challenging, is doable as processes are normally built with quality in mind. This can't be said for legacy applications, built on architectures that are decades old and supported by organizations leveraging varying development methodologies to deliver their products and capabilities. In this presentation we will discuss how T-Mobile embraced the diversity of our successful culture to not only transform but truly migrate to Quality as a Service.

During our discussion we will map the path that T-Mobile took to identify a horizon...