Real World Security Testing
Matt Konda, Jemurai
About the Topic
Testing for security is an increasingly important and visible part of software delivery. The classic formula for security testing isn't working and security analysis tools can't reliably find certain basic problems. In this talk I will introduce concrete things testing teams can do to contribute to the security of a system.
Opportunities to contribute include more advanced manual testing of scenarios that are often overlooked. They also include process improvements that range from articulating security acceptance criteria to checklists. In some cases, test automation can be used to raise the security of delivered software. In all cases, the villain persona and negative testing scenarios are foundational to effective security testing.
In addition to specific actionable security testing strategies, one goal of the talk will be to provide some high-level context for thinking about security testing and how to integrate it into the software development lifecycle effectively.
Key Learning Objectives
- Explain manual testing steps for two classes of security vulnerabilities (XSS and authorization)
- Provide context for where and when to use automated tools for security testing
- Demonstrate how to integrate security into the development process
About the Speakers
Matt Konda is the founder of Jemurai, a growing application security consulting firm specializing in projects that bring security into the software development process. Before starting Jemurai, Matt spent 4 years as a Director of Engineering at a security company where he was responsible for both technical and operational delivery of a vulnerability scanner, a certificate authority and a tool used by 200 penetration testers. Matt has extensive experience writing software, leading agile teams, engaging with testers and implementing process improvements. Matt is on the global board of OWASP and is a frequent speaker at hacker and developer conferences.
Host and Location
22 W. Washington Street
Chicago, IL 60602
(Check-in with security at the front desk on the first floor, with photo identification, is required)
1:30-2:00 Sign-in & Networking
2:15-4:00 Presentation and Panel Discussion (15 minute break at 3:00)
REGISTRATION IS REQUIRED TO ATTEND THIS PROGRAM.
PLEASE REGISTER BY Monday, September 14, 2015 at www.cqaa.org. If you have any questions, please contact the CQAA Program Director at firstname.lastname@example.org.