Do-over Session

The Do-Over Session winner for 2014 as voted by attending delegates was session W24 – What? Why? Who? How? Of Application Security Testing presented by Declan O’Riordan. For anyone that missed the session (or would like to see it again!) come along to Wicklow Hall 2B on Level 2.

WATCH: An intro to this session from Declan

A penetration testing expert is better at pen-testing than me, but should I simply delegate application security to specialists and network firewalls? Actually no, I shouldn’t and neither should anyone else involved in the systems development lifecycle.

For years I treated security testing as something akin to black magic beyond my comprehension and penetration testers as technical wizards who could cast out evil hacking spells. Obviously that was daft, but it took some effort to see what was really happening behind the smoke and mirrors of application security, and to de-mystify it for my colleagues.

Follow the journey that led me to believe every well-formed tester can and must have a basic understanding of what application security is, why it is important, who should be doing it, and how.

After this presentation you can stop describing security as ‘Out of Scope’ from your test plans.