Events

Upcoming events

    • 16 Sep 2015
    • 2:00 PM - 4:00 PM
    • Morningstar 7th Floor 22 W. Washington Street Chicago, IL 60602

    Real World Security Testing
    Matt Konda, Jemurai

    About the Topic

    Testing for security is an increasingly important and visible part of software delivery.  The classic formula for security testing isn't working and security analysis tools can't reliably find certain basic problems.  In this talk I will introduce concrete things testing teams can do to contribute to the security of a system.

    Opportunities to contribute include more advanced manual testing of scenarios that are often overlooked.  They also include process improvements that range from articulating security acceptance criteria to checklists.  In some cases, test automation can be used to raise the security of delivered software.  In all cases, the villain persona and negative testing scenarios are foundational to effective security testing.

    In addition to specific actionable security testing strategies, one goal of the talk will be to provide some high-level context for thinking about security testing and how to integrate it into the software development lifecycle effectively.

    Key Learning Objectives
    • Explain manual testing steps for two classes of security vulnerabilities (XSS and authorization)
    • Provide context for where and when to use automated tools for security testing
    • Demonstrate how to integrate security into the development process

    About the Speakers

    Matt Konda

    Matt Konda is the founder of Jemurai, a growing application security consulting firm specializing in projects that bring security into the software development process.  Before starting Jemurai, Matt spent 4 years as a Director of Engineering at a security company where he was responsible for both technical and operational delivery of a vulnerability scanner, a certificate authority and a tool used by 200 penetration testers.  Matt has extensive experience writing software, leading agile teams, engaging with testers and implementing process improvements.  Matt is on the global board of OWASP and is a frequent speaker at hacker and developer conferences.


    Host and Location

    Morningstar
    7th Floor
    22 W. Washington Street
    Chicago, IL 60602
    (Check-in with security at the front desk on the first floor, with photo identification, is required)

    Agenda

    1:30-2:00 Sign-in & Networking
    2:00-2:15 Announcements
    2:15-4:00 Presentation and Panel Discussion (15 minute break at 3:00)

    Registration

    REGISTRATION IS REQUIRED TO ATTEND THIS PROGRAM.
    PLEASE REGISTER BY Monday, September 14, 2015 at www.cqaa.org. If you have any questions, please contact the CQAA Program Director at programs@cqaa.org.

Past events

26 Aug 2015 CQAA August 2015 Round Table Discussion: Data Testing / Data Validation
18 Aug 2015 CQAA August 2015 Webinar: Root Cause Analysis: Helping Make the Right Decisions
21 Jul 2015 CQAA July 2015 Speaker Program: When is a Project Ready for Software Automation?
13 Jul 2015 Certified Software Tester (CSTE) Prep Course
20 May 2015 CQAA May 2015 Speaker Program: Best Practices for Performance Testing Mobile Apps
28 Apr 2015 CQAA April 2015 Lunch & Learn: The Perils of Being an Agile Tester – Discussion Forum
25 Mar 2015 CQAA March 2015 Speaker Program: Promoting Quality Principles and Practices thru Organization Change Management
18 Feb 2015 CQAA February 2015 Speaker Program: QA Engagement During User Acceptance Testing
12 Feb 2015 CQAA February 2015 Webinar: The Force Awakens
23 Jan 2015 CQAA January 2015 Webinar: Enterprise Agility Starts with Healthy Teams, How Healthy is YOUR Agile Team?
15 Jan 2015 CQAA January 2015 Webinar: Why Test Automation Fails
04 Dec 2014 CQAA December 2014 Webinar: Test Data Management for Agile Continuous Testing
19 Nov 2014 CQAA November 2014 Program: The QA Aspects of DevOps - Enabling Quality, Speed and Agility within your SDLC
23 Oct 2014 CQAA October 2014 Program: Creating Useful Metrics to Provide Quality Software
24 Sep 2014 CQAA September 2014 Speaker Program: CSI Chicago: Attributes of a Successful Software Forensics Solutions
23 Sep 2014 Certified Software Tester (CSTE) Prep Course
27 Aug 2014 CQAA August 2014 Webinar: Revealing the Mystery behind Test Automation Framework Design
31 Jul 2014 CQAA July Event: The Bushido Code & 30th Anniversary Celebration
24 Jun 2014 CQAA June 2014 Speaker Program: Managing Your Offshore Testing Team
20 May 2014 CQAA May 2014 Speaker Program: Roadmap to Continuous Integration Testing and Benefits
23 Apr 2014 CQAA April 2014 Speaker Program: Reaching the Holy Grail of Effective Application Performance Testing and Analysis
19 Mar 2014 CQAA March 2014 Speaker Program: Quality Engineering: Driving Higher Quality throughout the SDLC
25 Feb 2014 CQAA February 2014 Speaker Program: Model-Based Testing: Taking BDD/ATDD to the Next Level
19 Feb 2014 Quest February 2014 Webinar: Software Quality Metrics Do’s and Don’ts
13 Feb 2014 CQAA February 2014 Lunch & Learn: Lightning Talks Strike CQAA Again
05 Feb 2014 Quest February 2014 Webinar: Career Planning for Agile QA
12 Dec 2013 CQAA December 2013 Webinar: Best Practices in Testing
19 Nov 2013 CQAA November 2013 Speaker Program: Testing Mobile Apps and Websites: Conquering the Multitude with the help of Automation
18 Oct 2013 CQAA October 2013 Speaker Program: Continuous Quality: What Software as Service Means to QA
20 Sep 2013 CQAA September 2013 Speaker Program: Metrics: Delivering QA Value Across IT
21 Aug 2013 CQAA August 2013 Webinar: 5 Steps to World Class Testing Performance - What is the TMMi?
25 Jul 2013 CQAA July 2013 Speaker Program: Integrating Exploratory Testing with Traditional Testing Methods
17 Jul 2013 CQAA July 2013 Lunch & Learn: Microsoft TFS/MTM Tool Interest Group
25 Jun 2013 CQAA June 2013 Speaker Program: Agile Testing in a Waterfall World
23 May 2013 CQAA May 2013 Speaker Program: Secrets of Test Automation
16 May 2013 CQAA May 2013 Lunch & Learn: Tools for Quality Assurance / Quality Control
18 Mar 2013 CQAA March 2013 Speaker Program: Distributed Teams that Pop
22 Feb 2013 CQAA February 2013 Speaker Program: Risk-Based Testing: Focused Effort, Better Results
14 Feb 2013 CQAA February 2013 Lunch & Learn: Lightning Talks Strike CQAA Again
25 Jan 2013 CQAA January 2013 Speaker Program: The UAT Chess Game: Playing Your Pieces to Win
19 Dec 2012 CQAA December 2012 Webinar: Test Planning Versus Test Strategy. Are They the Same?
13 Nov 2012 CQAA November 2012 Speaker Program: The Application Management Tools Industry Has Failed You!
30 Oct 2012 CQAA October 2012 Lunch & Learn: Leading Change from the Inside Out
26 Sep 2012 CQAA September 2012 Lunch & Learn: Quality Application Leadership in a Large Organization
14 Sep 2012 CQAA September 2012 Speaker Program: Assessing your Testing Using the Test Maturity Model (TMM)
15 Aug 2012 CQAA August 2012 Webinar: Testing 2013
27 Jul 2012 CQAA July 2012 Speaker Program: Automation using Open Source Frameworks like Selenium and TestNG
28 Jun 2012 CQAA June 2012 Speaker Program: Performance Testing: Roles, Activities and QA Inclusion
20 Jun 2012 CQAA June 2012 Lunch & Learn: Enterprise of Social Media, Collaboration, Jetpacks, and Ray Guns
17 Apr 2012 CQAA April 2012 Speaker Program: Exploring How the Mobile App Project Is Shaping the Way We Approach Quality
11 Apr 2012 CQAA April 2012 Lunch & Learn: Model Based Testing for Flexible and Predictable Test Coverage
20 Mar 2012 CQAA March 2012 Speaker Program: Testing and Measurement
23 Feb 2012 CQAA February 2012 Program: 10 Principles of Smart Requirements Gathering
16 Feb 2012 CQAA February 2012 Lunch & Learn: Lightning Talks Strike CQAA
17 Jan 2012 CQAA January 2012 Program: Automated Tests Into Automated Builds!
06 Dec 2011 CQAA December 2011 Webinar: Raising Your Technical Debt Ceiling…Or Not?
08 Nov 2011 CQAA November 2011 Program: Successful Strategies for QA-Based Security Testing
26 Oct 2011 CQAA October 2011 Program: Functional Testing and Automation within Behavior Driven Development
27 Sep 2011 CQAA September 2011 Lunch & Learn: Web Accessibility: A Missed Quality Requirement
20 Sep 2011 CQAA September 2011 Dinner Event: Innovations & Emerging Trends in Software Quality Assurance
09 Aug 2011 CQAA August 2011 Webinar: Testing @ Microsoft
27 Jul 2011 CQAA July 2011 Program: Mobile Technology Testing - Are You Ready?
22 Jun 2011 CQAA June 2011 Program: Exploratory Testing in the Enterprise
08 Jun 2011 Certified Software Quality Analyst (CSQA) Prep Course
06 Jun 2011 Certified Software Tester (CSTE) Prep Course
24 May 2011 CQAA May 2011 Spring Dinner Event: The Future of Software Projects - How Quality Assurance and Development Are Changing
19 May 2011 CQAA May 2011 Lunch & Learn: Establishing and Integrating Service Oriented Architecture (SOA) Testing
26 Apr 2011 CQAA April 2011 Program: Closing the Gap in Regression Testing
20 Apr 2011 CQAA April 2011 Lunch & Learn: Getting the Best out of Distributed Teams
15 Mar 2011 CQAA March 2011 Program: Defect Prevention - A Tester's Role in Process Improvement and Reducing the Cost of Poor Quality
23 Feb 2011 CQAA February 2011 Program: Scrum - A Disciplined Approach to Product Quality and Project Success
09 Feb 2011 CQAA February 2011 Lunch & Learn: Meeting New Business Challenges With Dynamic Quality Assurance
18 Jan 2011 CQAA January 2011 Program: Project and Process Tailoring for Success
07 Dec 2010 CQAA December 2010 Webinar: Writing Testable Requirements
30 Nov 2010 CQAA November 2010 Program: IT Disciplines - Collaboration, Competencies, and Careers
26 Oct 2010 CQAA October 2010 Program: A Guide to Software Tool Selection
21 Oct 2010 CQAA October 2010 Lunch & Learn: Collaborative Lifecycle Management
21 Sep 2010 CQAA September 2010 Dinner Event: Mitigating Exploitable Software Risk
14 Sep 2010 CQAA September 2010 Lunch & Learn: Parallel Data Testing
26 Aug 2010 CQAA August 2010 Webinar: Team-Based Acceptance Test Driven-Development
28 Jul 2010 CQAA July 2010 Program: Practical Metrics for Managing and Improving Software Testing
23 Jun 2010 CQAA June 2010 Lunch and Learn: Reporting Skills and Software Testing
17 Jun 2010 CQAA June 2010 Program: Introducing Risk Based Testing to Organizations
26 May 2010 CQAA May 2010 Lunch and Learn: Agile Through SCRUM
17 May 2010 CQAA May 2010 Dinner Program: Dr Cem Kaner Speaks on the Law of Software Quality
27 Apr 2010 CQAA April 2010 Lunch and Learn: Testing Critical Infrastructure Applications
13 Apr 2010 CQAA April 2010 Program with C-SPIN: Managing Software Quality within the Team Software Process
24 Mar 2010 CQAA March 2010 Program: Bringing Value to the Organization With Performance Testing
25 Feb 2010 CQAA February 2010 Lunch and Learn - 360° Project Lifecycle Health Assessments
16 Feb 2010 CQAA February 2010 Program: Optimizing Modular Test Automation
27 Jan 2010 CQAA January Program: Assurance for Cloud Computing