What? Why? Who? How? Of Application Security Testing

W24     Start Time: 16:00     End Time: 16:45


A penetration testing expert is better at pen-testing than me, but should I simply delegate application security to specialists and network firewalls? Actually no, I shouldn’t and neither should anyone else involved in the systems development lifecycle.

For years I treated security testing as something akin to black magic beyond my comprehension and penetration testers as technical wizards who could cast out evil hacking spells. Obviously that was daft, but it took some effort to see what was really happening behind the smoke and mirrors of application security, and to de-mystify it for my colleagues.

Follow the journey that led me to believe every well-formed tester can and must have a basic understanding of what application security is, why it is important, who should be doing it, and how.

After this presentation you can stop describing security as ‘Out of Scope’ from your test plans.

  • Speaker

    Declan O'Riordan, Testing IT, UK

    Declan O’Riordan has worked in IT for 34 years and specialized in testing since 1988. At his debut EuroSTAR conference speaking opportunity in 2014 he won the prize for best conference paper and was voted the session delegates would most like repeated with ‘The What? Why? Who? And How? Of Application Security’. Declan subsequently won the prize for best conference paper at the STAR East conference in 2015 with ‘Security Testing: What Testers Can Do’. His current goal is to develop better communications between project teams and security specialists to prevent application security risks being ignored.