At the EuroSTAR conference on Software Testing (Dublin – Nov 24-27, 2014), T&VS presented on web application security and how it is completely different to traditional mainframe testing. If you’re not familiar with SQL Injection, Cross-Site Scripting, Cross-Site Request Forgery or a host of other ways of attacking your system and applications, then this was the talk for you. In the talk T&VS covered:
- What web application security testing is
- Why it’s important
- Who should be doing it
- How it should be done
Abstract: This is the only subject in my 33-year IT career that I’ve ever felt is so important that I have to get up on stage and make more people aware. When I started speaking about application security, I found that people really enjoyed the story and returned to work galvanised into action, and I’m confident you will feel the same. This is useful stuff.
De-mystifying Application Security
A penetration testing expert is better at pen-testing than me, but should I simply delegate application security to specialists and network firewalls? Actually no, I shouldn’t and neither should anyone else involved in the systems development lifecycle. For years I treated security testing as something akin to black magic beyond my comprehension and penetration testers as technical wizards who could cast out evil hacking spells. Obviously that was daft, but it took some effort to see what was really happening behind the smoke and mirrors of application security, and to de-mystify it for my colleagues.
Download the Whitepaper
By downloading my new whitepaper you will be able to follow the journey that led me to believe every well-formed tester can and must have a basic understanding of what application security is, why it is important, who should be doing it, and how.