Brief notes on this webinar: presented by Dan Billing, and organised by Ministry of Testing
---------------------
Rumour has it that there are no testers in the world who didn't sit in on Dan Billing's intro to Security Testing webinar this evening.
But in the unlikely event that someone out there did miss it I can say that it's highly recommended.
Currently I work for a company whose business is secure technology, although leaning more towards endpoint/device security than web. Our team doesn't actually tend to do the detailed security testing (because we're not expert Penetration Testers) but we obviously have security as a key point to keep in mind whilst doing functional testing. So the more I can learn about security the better.
For me this webinar dovetailed nicely with the Troy Hunt "Hack Yourself First" course which I've recently started working through. (With Dan himself using Troy Hunt's practice site for one of his examples and, like me, encountering the regular blasting of that site's database when wanting to demo something from it!)
What you'll learn
The webinar sets the context for the importance of security testing before giving an entertaining overview of recent high-impact security breaches.
Dan outlines the factors that define a good security testing approach, and a couple of helpful mnemonics for modelling potential threats to your application - including his own EXTERMINATE model.
And there's a list of areas presented which will typically be sources of security bugs in applications.
Inevitably the most fascinating part of the webinar is Dan's live demos of some of the key web vulnerabilities, eg. SQL injection, cross-site scripting (XSS), and how they can be easily exploited with no more than a browser and a bit of know-how.
The reality today - on the web particularly - is that the tools for malicious attacks are widely, easily and freely available and therefore the threat is very real.
I certainly came away with a couple of new ideas for exploits I can attempt when I get into the office tomorrow.
As I said, highly recommended.
A recording of the webinar will be made available on the Ministry of Testing Dojo soon.
Dan has also previously provided insights into Security Testing for the Testing in the Pub podcast series and those are also recommended.
---------------------
Rumour has it that there are no testers in the world who didn't sit in on Dan Billing's intro to Security Testing webinar this evening.
But in the unlikely event that someone out there did miss it I can say that it's highly recommended.
Currently I work for a company whose business is secure technology, although leaning more towards endpoint/device security than web. Our team doesn't actually tend to do the detailed security testing (because we're not expert Penetration Testers) but we obviously have security as a key point to keep in mind whilst doing functional testing. So the more I can learn about security the better.
For me this webinar dovetailed nicely with the Troy Hunt "Hack Yourself First" course which I've recently started working through. (With Dan himself using Troy Hunt's practice site for one of his examples and, like me, encountering the regular blasting of that site's database when wanting to demo something from it!)
What you'll learn
The webinar sets the context for the importance of security testing before giving an entertaining overview of recent high-impact security breaches.
Dan outlines the factors that define a good security testing approach, and a couple of helpful mnemonics for modelling potential threats to your application - including his own EXTERMINATE model.
And there's a list of areas presented which will typically be sources of security bugs in applications.
Inevitably the most fascinating part of the webinar is Dan's live demos of some of the key web vulnerabilities, eg. SQL injection, cross-site scripting (XSS), and how they can be easily exploited with no more than a browser and a bit of know-how.
The reality today - on the web particularly - is that the tools for malicious attacks are widely, easily and freely available and therefore the threat is very real.
I certainly came away with a couple of new ideas for exploits I can attempt when I get into the office tomorrow.
As I said, highly recommended.
A recording of the webinar will be made available on the Ministry of Testing Dojo soon.
Dan has also previously provided insights into Security Testing for the Testing in the Pub podcast series and those are also recommended.