
Application Security Testing – An Update!

  • 13/04/2016
  • Posted by Declan O'Riordan

Many of the EuroSTAR speakers are highly intelligent quick thinkers who understand complex ideas immediately. To compete and collaborate with them I found two legal ways of cheating. One was to be extremely interested in my topic; the second was to work really, really hard. Those tactics got me quite a long way, but eventually I realised the testing community wasn’t keeping up because I had taken the cheats to obsessional levels. Normal people aren’t interested in security and don’t want to think about it 18 hours a day.

Letting go of a core belief is difficult, but ignoring its failings would be worse. Recognizing project teams will not become security-savvy was painful, yet that is the paradigm. Fortunately a breakthrough in API Instrumentation now allows application sensors to report detailed performance and security attributes to us in real-time. We don’t need to inject test data loads for Application Performance Monitoring (APM), and now we don’t need to submit security tests to view an application security dashboard. This shocking change is unbelievable to many of the security old guard, yet it’s backed by firm results. The first Polish expert in real-time security will almost certainly be in the EuroSTAR Roadshow audience, even if they don’t know it yet!

If you’d like to learn more about my talk, and all the other talks, from the EuroSTAR Roadshow in Warsaw on April 27th – CLICK HERE



Declan O’Riordan has worked in IT since 1981 and testing since 1987. At his debut EuroSTAR conference speaking opportunity in 2014 he won the prize for best conference paper and was voted the session delegates would most like repeated with ‘The What? Why? Who? And How? Of Application Security’. Declan subsequently won the prize for best conference paper at the STAR East conference in 2015 with ‘Security Testing: What Testers Can Do’. His ambition is to develop better communications between project teams and security specialists to prevent application security risks being ignored.
