Hacker-proof your app using Functional Tests

Schedule: Sep 6th 03:15 PM - Jan 1st 12:00 AM. Place: Grand Ball Room 1
Many functional testing/QA engineers don't have insight into security vulnerabilities. Usually an enterprise has a separate security testing team solely for that task, and functional testers have to rely on it for the security audit.
Security is an important part of testing, but not every build of the application is tested for security issues. All functional testing teams have a load of automated test cases that are run on every build of the application, but these don't check for security flaws.
In this talk we will show how you can use your existing test cases to automatically perform security testing on your web application. This is made possible by IronWASP, an open source security scanner, and its companion libraries.
If you are a software tester or developer, even without any security expertise, this talk will help you secure your web application better using your existing functional test cases.

Outline/Structure of the Talk

1. Description of basic security testing processes.
2. Integration of the security scanner with existing functional tests.
3. Demo of the solution.

Learning Outcome

After the talk, the audience will be able to integrate their existing automated functional tests with the security scanner and understand how this can increase the effectiveness of their testing process.

Each individual will be equipped to automate the process of discovering security issues in their web apps.

Target Audience

Automation engineers, testers, developers, security researchers.

Submitted 5 years ago

Public Feedback

  • By Anand Bagmar  ~  5 years ago

    Security Testing is a very large space in itself. Are you going to focus on any specific aspects of this niche area? Is there any pre-requisite knowledge of security testing for the attendees?

    • By Ankita Gupta  ~  5 years ago

      We would be focussing on the part of Security Testing that can be automated. Prerequisites will only be a good understanding of how functional test cases look and are structured. The whole point of this talk is you don't need to be a security analyst to do security testing.