We know that application security is important. We have to protect our customers’ data and our employers’ data while keeping our systems up and running. But do we have the skills and knowledge to meet that challenge?
During this workshop, we will begin to explore some of the concepts, skills, and techniques of security testing by working with a vulnerable web application. Through practical activities and hands-on learning, we will discover the key security issues that affect web applications today.
Testers will learn skills to identify software vulnerabilities and understand common threats and risks that occur in web-applications. We will also examine some of the tools and utilities that can enhance and extend security testing efforts. Let’s look at the essential steps to build and execute your own security testing strategies. Let’s examine how learning and mentoring can aid in the development of strategies. You can and should build up your own skills with integrated security testing. This will ensure ongoing relevance of your role in a security context and the success of your organisations.
Building upon personal experience of integrating security testing into an existing organisation, incorporating DevOps, continuous delivery and integration, this workshop will highlight and discuss the reflections of learning from hackers, recent breaches and the socio-economic, political and technical impact upon software development organisations.
Attendees will take away a set of advice and techniques to incorporate and enable security testing into their day to day work, answering some of the questions that may arise around scope, skills, tools, models and learning.
Technical requirements:
This is a practical workshop, so all attendees will require a laptop, and the ability to install and run the application under test, as well as some open source tools that will be useful during the session. Installation instructions and a tool list will be sent before the workshop, and pre-installation is highly recommended for a smooth workshop experience.
Prior experience in security testing web applications is not necessary; however, attendees will need to be comfortable testing web applications and using modern web-browsers (i.e. Firefox, Chrome, Safari).
