Thursday, October 16, 2014 - 4:15pm - 5:15pm
Keynote
K5

Softwarts: Security Testing for Muggles

Security testing is often shrouded in jargon and mystique. Security conjurers perform arcane rites using supposed “black hat” techniques and would have us believe that we cannot do the same. The fact is that security testing “magic” is little more than specialized application of exploratory test techniques we already understand. In this Defense against the Black Hats, Paco Hope dispels the myth that security testing is a magical art. By deconstructing security activities into techniques we already know well, we expand our testing. Security tests can be seamlessly woven into our existing test practices with just a bit of straightforward effort. Glittering gold security bugs can be tracked and managed right alongside the mundane, garden-variety functional ones. The knowledge that we need to do meaningful security testing is accessible and can be learned. If you can test functionality, you can test security. When our day-to-day tests include security too, our software does not fall prey to the hackers’ sleight-of-hand and conjurers’ tricks.

Paco Hope, Cigital

A principal consultant for Cigital, Paco Hope has deep experience in securing software and systems. His experience covers web applications, online gaming, embedded devices, lotteries, and business-to-business transaction systems. He has worked with small startups and large enterprises on architecture risk analysis, secure code review, penetration testing, and other consulting engagements. Paco serves on (ISC)²'s European Advisory Council and authors questions for the CISSP and CSSLP certifications. Paco is active in the OWASP Mobile Top Ten Risks project; coauthored the Web Security Testing Cookbook, Mastering FreeBSD, and OpenBSD Security; and wrote a chapter of Building Security In.
