F13-604: Introduction to Security Testing

Track: Test Strategy, Process and Design

Security testing is in high demand, and is (or should be) required by companies doing business on the web. Entire conferences are dedicated to the what, why and how of this test area. So where does a tester start to gather the information needed to approach this type of testing? This talk provides background information for the tester beyond what can be found in Wikipedia. Starting at the beginning, terminology and definitions will be explained to provide a foundation for the remaining parts of the presentation. The OWASP Top Ten will be discussed as an entry point into security testing. The importance and usage of tools such as Fiddler, WebScarab and Firebug will be explained and examined, with examples of using these tools and guidance on where to set expectations. A review of other techniques using static analysis tools will then follow, looking at the limitations, disadvantages and advantages of these tools. As the final part of the presentation, full-featured web security tools will be discussed. The overall goal of this presentation is to provide the attendee with a broad-based introduction to the world of security testing, with some guidance on where and how to proceed to the next steps.

Session Takeaways:

  • Definitions of the terminology used for security testing.
  • An introduction into the tools and techniques that are available for this testing.
  • Ideas on how to proceed with security testing.

Session Speaker:

James (Jim) Sivak – Director of QA, Unidesk
Currently a Director of QA with Unidesk, Jim has spent more than thirty-five years in the technology arena. Starting with testing components of the Space Shuttle, he has worked in many industries, from physics research labs to defense work to systems engineering and security, both as a developer and as a QA engineer and tester. Jim’s passion lies not only in testing but also in instilling quality concepts into all phases of the SDLC. He has mentored many team members throughout his career and has been a speaker at conferences as well as a peer reviewer for published papers.