the impact of application security on testing
TRANSCRIPT
1
2
The impact of application security on testing in the new world
Andréas Prins 10-09-2009
3
Program
The impact:
..of a lack of security
..by law
..for the testing process
..during implementation
4
Impact on applications without security
5
Application security and legislation
• Needed from the legislation perspective– Wet bescherming persoonsgegevens
– PCI-DSS (Payment Card Industry Data Security Standard)
– SAS70
• Clients trust you and your application
6
Application security is an extra dimension
Explore new features in the application
Quality attributes as described ISO9126
Extra code that isn`t needed
7
Testing has different faces and facets
Secure implementation
compliancy, control, make the right choices
awareness and expert training
Security assessments
Code reviewRisk analysis / threat modeling
Security Requirements
external review, knowledge, responsibilities
8
The ease of security testing
demo
9
The implementation into your proces
• Choose for secure application development
• Create awareness in the (IT) organization
• Educate people in the different proffesionalisms
• Implement the different activities step by step, project after project
10
Security testing in the new world
• New technologies create new markets with other risks
• Security testing in the crowd– Use the crowd
– Use the knowledge
11
The impact on testing
• Application security is an enrichment for your application
• Security testing in each phase of the process gives control and reliability
• Security testing is not only needed it`s a fun exploration
12
Contact information
http://twitter.com/andreasprins
http://testingthefuture.net