At this year’s EuroSTAR conference on software testing (Dublin, Nov 24-27) I’ll be discussing web application security and how it is completely different to traditional mainframe testing. If you’re not sure what SQL Injection, Cross-Site Scripting and Cross-Site Request Forgery are, or a host of other ways of attacking your system, then I’d urge you to come along to my talk at 4:00pm on Wednesday 26th November. In the talk I’ll cover:
- What web application security testing is
- Why it’s important
- Who should be doing it
- How it should be done
I’ll even be giving away copies of my Application Security Testing procedures.
I look forward to meeting you at the conference.
Head of Security Testing, T&VS
Abstract: EuroSTAR Conference
A penetration testing expert is better at pen-testing than me, but should I simply delegate application security to specialists and network firewalls? Actually no, I shouldn’t and neither should anyone else involved in the systems development lifecycle.
For years I treated security testing as something akin to black magic beyond my comprehension and penetration testers as technical wizards who could cast out evil hacking spells. Obviously that was daft, but it took some effort to see what was really happening behind the smoke and mirrors of application security, and to de-mystify it for my colleagues.
Follow the journey that led me to believe every well-formed tester can and must have a basic understanding of what application security is, why it is important, who should be doing it, and how.
For a more in-depth look at this topic you may find my white paper on Application Security Testing a useful read.