STARWEST 2024 - Security Testing | TechWell

STARWEST 2024 - Security Testing

Sunday, September 22

Derrick Roach

Security Testing for Test Professionals

Sunday, September 22, 2024 - 8:30am to Monday, September 23, 2024 - 5:00pm

Tuesday, September 24


Web Security Testing: The Basics and More

Tuesday, September 24, 2024 - 8:30am to 12:00pm

Web applications are often security critical or serve as front-ends for security critical applications, making web testing for vulnerabilities an essential part of software testing. Unfortunately, most software testers have not been taught how to identify web security issues while testing applications. Join Tom Stiehm as he shares what you need to know to security test web-based applications as part of your overall testing process. Learn about the most common web security vulnerabilities and how they are introduced into web code and exploited by hackers. Explore test techniques for...

Wednesday, September 25

Jon Peck

Flowstate, Automation, and LLMs: Don’t Let Tests Block Productivity

Wednesday, September 25, 2024 - 11:30am to 12:30pm

It is known that developers are most productive when they can stay in flow, but also that delaying or omitting tests can cause disruption, breakage, and security issues down the line. By properly leveraging background automation, team collaboration, and machine learning in your native DevOps workflow, you can get the best of both worlds: productive flowstate AND safe code. In this talk, Jon Peck will take a look at ways to take advantage of asynchronous test notifications, single-pane-of-glass reviews, and GPT-based tools for faster coding, test generation, and vulnerability remediation....

Thursday, September 26

James Risler

Escape Room—How Skills Needed in Escape Room Challenges Apply to Your Cybersecurity Team

Thursday, September 26, 2024 - 11:15am to 12:15pm

There is tremendous IT turnover today and a lack of skilled resources for some job roles such as threat hunters in a Security Operations Center (SOC). This session will explore how escape rooms can teach IT leadership about building a cybersecurity team. An escape room is an ideal teaching tool that an organization can leverage to address the challenge of assembling a security team and navigating problems together. Success starts with the team and having the right mix of talent and skills which should reveal the clues to the game. Join James to explore the job roles in a SOC and skills...

Karen Hsu

Cloud Testing of Cybersecurity Features in Mobile Apps

Thursday, September 26, 2024 - 1:30pm to 2:30pm

In CI/CD pipelines, automated testing services validate functionality of apps across hundreds of real-world mobile devices and OS versions. However, these same automated testing services can use methods and tools that violate security policies such as: emulators, virtualization, resigning, debugging, dual spaces, Magisk and more. Once security protections are added to a mobile app, the security features will trigger and may prevent automated testing. In this session, Karen will discuss how you can eliminate the need to test protected and unprotected builds separately. You will also...