STARWEST 2026 - Security Testing

Tuesday, September 22

Jonathan Kauffman
Coveros, Inc.
TF

Web Security Testing: The Basics and More

Tuesday, September 22, 2026 - 8:30am to 12:00pm

Web applications are often security-critical or serve as front-ends for security-critical applications, making web testing for vulnerabilities an essential part of software testing. Unfortunately, most software testers have not been taught how to identify web security issues while testing applications. Join Jonathan as he shares what you need to know to security test web-based applications as part of your overall testing process. Learn about the most common web security vulnerabilities and how they are introduced into web code and exploited by hackers. Explore test techniques for ensuring...

Thursday, September 24

Yaamini Barathi Mohan
WiCyS Austin
T4

Testing for the Untestable: Validating App Resilience Against AiTM and Session Hijacking

Thursday, September 24, 2026 - 9:45am to 10:45am

As QA and DevOps teams, you rigorously test your login flows, MFA integrations, and session timeouts. But how do you test for an attack that doesn't break the code and mirrors the entire environment? Enter Adversary-in-the-Middle (AiTM) attacks—a sophisticated phishing method using reverse-proxy toolkits (like Evilginx) that bypass Multi-Factor Authentication (MFA) by stealing live session tokens. In this session, Yaamini will move beyond standard functional testing to look at the technical reality of modern session-based threats. She will demonstrate how these "zero-hour" attacks operate...