Thursday, February 26 • 13:30 - 17:00
U04: Introduction to Application Security Testing - CLOSED

The tutorial takes the form of a short ½ day security test of a deliberately insecure web application; we will start the day by reviewing the application to understand what data flows within the system and how. We will then conduct a series of practical exercises to explore the security of the system from the following perspectives: Data at Rest, Data in Transit and Data on Display. As we examine each of these perspectives we will cover the appropriate security background theory, tools and techniques and then apply these to the application to uncover any issues. As we identify security issues we’ll examine the issues around reporting security problems.

The session will be a fun and highly practical one where we will cover a range of security testing techniques including common techniques such as Cross Site Scripting, Code Injection and Request Forgeries. We will also start building your security testing toolkit from freely available tools.

At the end of the day, the attendees will have: 
- An understanding of how to approach security testing from the perspective of a tester. 
- An understanding of the OWASP Top 10 vulnerabilities. 
- Practical experience of some of the key techniques and tools used in security testing.
- A workbook containing additional practical exercises to try once the workshop is over.

This course is suitable for any testers and test leads who are looking to extend their skills into security testing. No prior experience of security testing is required, but curiosity and interest in the topic are essential. The course will focus primarily on testing the security of web applications, so a basic understanding of HTTP and SQL would be useful.

Bill Matthews

Test Consultant, Target Testing Ltd
Bill Matthews has been a freelance test consultant for 15 years working mainly on the more technical elements of system and operational testing such as integration, performance and security. He is a regular speaker at testing conferences mainly on technical topics such as web and...

Thursday February 26, 2015 13:30 - 17:00 CET
3: Tutorial Room - C