deploying security testing practice · deploying security testing practice by artem vasiuk. in...

Report

Post on 31-May-2020

12 Views

Category:

Documents

0 Downloads

Preview:

Click to see full reader

TRANSCRIPT

Deploying Security Testing Practice

by Artem Vasiuk

In testing since 2004

Test Manager in Danish company Scalepoint

From Ukraine. Live in Denmark

Love snowboarding

About me

Increasing number of breaches

Numerous tools for detection and attacks

New area for personal development

High stakes due to GDPR

Why Security?

Source: https://informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/

https://informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/

Let’s do it! But what’s next step?

Should we do it or delegate to professionals?

How do we get time for it?

Can robots do the stuff for us?

The Beginning

• Management Decision

• Need Driven

• Personal Initiative

• Career Opportunity

The Situation

What is the driver?

• One-man battle

• Team Work

• Corporate Goal

The Situation

How do you organise the process?

• Secure Frameworks and Components

• Automated Testing Tools

• Professional Consultants

The Situation

Where do you focus?

• Non-Functional Testing of Features

• Design Review and Code Review

• Penetration Testing per Release

• Definition of Done

The Situation

When do you act?

• Top 10 Vulnerabilities

• Testing Checklist

• App Sec Verification Standard (aka ASVS)

• Software Assurance Maturity Model (aka SAMM)

Can I help you?

OWASP.org

Top 10 Vulnerabilities

Testing Checklist

ASVS

SAMM

Burp Suite, Zed Attack Proxy (ZAP), AppScan

SonarQube (Java, C#, JS... +DependencyChecker)

Security test data in Automated tests

Improve Efficiency

Automated Sec Scanning tools

Scanning Setup

"Who would even hack us? People are nice!"

"We have firewall (https, kaspersky, ________) to protect us!"

"We have Michael. He is responsible for Security"

"I have no time for learning"

"Security is technical, so do it in your Technical backlog"

"Ok, ok…But let’s do release now and improve Security later"

Challenges

• The Web Application Hacker's Handbook

• Kingpin: How One Hacker Took Over the

Billion-Dollar Cybercrime Underground

Must read

Pluralsight course

• "Hack yourself first" by Troy Hunt

• "WebApp Penetration Testing" by Sunny Wear

Must see

Thank you!

The End

top related

hypotheses testing practice (answers)
Documents
testing & deploying microservices geecon 2014
Technology
testing & deploying node.js apps
Technology
exploratory testing in practice
Technology
practice testing - github pages
Documents
mechanism design and testing of a self-deploying … design...
Documents
pv213 eis in practice: 10 – testing 1 pv213 enterprise...
Documents
risk-based testing in practice - erik van veenendaal testing...
Documents
testing and deploying couchbase mobile – couchbase connect...
Software
testing and deploying ibm rational hats® applications on
Documents
deploying constraint programming for testing abb’s
Documents
standards of practice: testing
Documents
agile testing practice
Software
testing & deploying microservices - xp days ukraine 2014
Technology
development, testing, deploying, hosting, … testing,...
Documents
testing practice as a service overview...our testing...
Documents
front end from the front lines: building testing and...
Technology
testing predictive models in production€¦ · testing...
Documents
best practice guidelines for deploying ex8200 virtual...
Documents
endurance testing: practice - porsche
Documents