Security (secure development) is very important for most organizations, yet few testers dare to touch it. Learn the basics so you can assist specialized security testers. Learn to use different tools and ways you can test security.
Security testing can feel like a daunting task. It’s a test specialty, and often an afterthought. Testers and test automation engineers won’t replace security testers but can prevent many of the most common security vulnerabilities. Learn about the most common security vulnerabilities according to the OWASP top 10. How do these common vulnerabilities work and why do bad actors want to exploit them? Learn to design applications that an unskilled bad actor can’t crack. Support your team in making the right decisions throughout the application life cycle. And, of course, testing the security of applications. Learn how to security-test forms, find known vulnerabilities in dependencies, test API authorization, and more. To be able to do all these things you need knowledge about common vulnerabilities and the various types of tools that can detect them. In this workshop, you get hands-on experience with various tools that can help you get started with security testing the next working day. This workshop would not be complete without talking about test automation. Your test automation probably also has vulnerabilities! Are these vulnerabilities a problem? How do you make sure your test automation is safe?
References and further reading
- I write articles
- OWASP
- OWASP top 10
- OWASP Cheatsheets
- Tool: OWASP ZAP
- Tool: SonarQube
- Tool: NPM Audit