BIO

A Test Manager in a Danish company Scalepoint with 8+ years of experience in Test Management. Artem is responsible for delivering improvements in both manual and automated testing areas. To prevent ‘inventing a wheel’ he tries to re-use well known tools, standards and process models to save time and money during development. And that’s something Artem is willing to share with others.

Workshop

Test Design Techniques for Security Testing

This workshop unveils the secrecy and misleading around software security testing domain. It presents the ideas and concepts of quality assurance of the web products from security point of view. Security is just another type of non-functional testing, that not only helps to gain higher quality level on software products, but also introduces new areas for personal growth.

A specially designed web applications with known vulnerabilities will be used for training purposes (JuiceShop and DamnVulnerableWebApp).

Part 1: Ad-hoc assessment of the functionality for potential vulnerabilities

• Security testing on early development stages
• Typical things to consider while testing security
• Asking the right questions at the right time

Part 2: Design of generic security checklists for security testing

• Documenting the generic checklist for security checks
• Building repeatable security checks for typical functionality
• Ways to organize checklists and related test data

Part 3: Automating vulnerability scanning and reporting using BurpSuite

• Pains and Gains of automated security scanning tools
• Improving the scope of security testing with BurpSuite
• Ideas to fit automated security scanning into development pipeline.

Learn about the test design techniques in security, perform test analysis, build checklists and deploy automation within Security Testing initiatives on your project. Improve the value of quality assurance by adding extra validation gateways in your process.

Test Engineers with experience in exploratory testing, willing to gain basic knowledge about security testing for further development.

Laptop is recommended as we’re going to have some practical tasks in related topics. BurpSuite Scanner Community addition to be installed and configured with Firefox before workshop. Instructions are available here.