ExpoQA 2022 was a conference that took place in Madrid between the 31st May and 2nd June 2022. This week I will be posting some sketchnotes for the talks that I attended.
Security testing is something I’m not experienced in. I have developed a mindset where I am scared of security testing. I am especially scared of missing critical security defects which could have severe consequences for the organisation I work for. This was addressed in Dan Billings talk on exploratory security testing, and has inspired me to overcome that fear and start learning more about the topic.
- Some testers have developed a mindset where they fear looking at security because they believe they lack the skills.
- Exploring security involves:
- Combining security testing and exploratory testing
- Building security awareness and skills across the whole team, finding and encouraging others to become security testing advocates
- Security is a part of quality, but security bugs should be treated differently to quality bugs.
- Key areas of security are:
- It can be helpful to understand what both a legitimate and malicious user might do.
- There are 5 steps in the security testing process:
- Model Application
- Identify Threats
- Evaluate Risks
- Locate Vulnerabilities
- Develop Mitigrations