STARWEST 2024 - Security Testing
Tuesday, September 24
Web Security Testing: The Basics and More
Web applications are often security-critical or serve as front-ends for security-critical applications, making web testing for vulnerabilities an essential part of software testing. Unfortunately, most software testers have not been taught how to identify web security issues while testing applications. Join Tom Stiehm as he shares what you need to know to security test web-based applications as part of your overall testing process. Learn about the most common web security vulnerabilities and how they are introduced into web code and exploited by hackers. Explore test techniques for...
Wednesday, September 25
Flowstate, Automation, and LLMs: Don’t Let Tests Block Productivity
It is known that developers are most productive when they can stay in flow, but also that delaying or omitting tests can cause disruption, breakage, and security issues down the line. By properly leveraging background automation, team collaboration, and machine learning in your native DevOps workflow, you can get the best of both worlds: productive flowstate AND safe code. In this talk, Jon Peck will take a look at ways to take advantage of asynchronous test notifications, single-pane-of-glass reviews, and GPT-based tools for faster coding, test generation, and vulnerability remediation....
Thursday, September 26
Agile Security Testing Tools
The Internet is full of insecure applications that cost organizations time and money while damaging their reputations when their systems are compromised. We need to build secure applications as never before. While security and agility may appear to be natural opposites that don’t mix well, they don’t need to be. Learn how to integrate application security testing into your testing practices. Join Tom in exploring real-world examples of secure application testing practices incorporated into the iterative development used in agile projects. Learn to marry agile testing with application...
Escape Room—How Skills Needed in Escape Room Challenges Apply to Your Cybersecurity Team
There is tremendous IT turnover today and a lack of skilled resources for some job roles such as threat hunters in a Security Operations Center (SOC). This session will explore how escape rooms can teach IT leadership about building a cybersecurity team. An escape room is an ideal teaching tool that an organization can leverage to address the challenge of assembling a security team and navigating problems together. Success starts with the team and having the right mix of talent and skills which should reveal the clues to the game. Join James to explore the job roles in a SOC and skills...
Cloud Testing of Cybersecurity Features in Mobile Apps
In CI/CD pipelines, automated testing services validate the functionality of apps across hundreds of real-world mobile devices and OS versions. However, these same automated testing services can use methods and tools that violate security policies, such as emulators, virtualization, re-signing, debugging, dual spaces, Magisk, and more. Once security protections are added to a mobile app, the security features will trigger and may prevent automated testing. In this session, Karen will discuss how you can eliminate the need to test protected and unprotected builds separately. You will also...