Fundamentals of Security Testing Web Applications

K     Start Time: 08:30     End Time: 12:30

Testing web applications for security is not quite the same as testing them for functionality. Many principles are similar, but the details and implications differ. In this half-day session we cover the fundamentals of HTTP and intercepting proxies, and how to test for the two most common security issues in web applications: SQL injection and cross-site scripting (XSS). We cover practical information, such as how these attacks actually work, so that we can design good test cases, and we fit security into familiar testing concepts like equivalence class partitioning. This session is aimed at software testers, not security experts. Terms and techniques are explained without jargon or hyperbole.
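As an added illustration of the session's theme (this is example code written for this page, not material from the session or from Cigital), the block below shows how a tester can treat SQL injection and XSS as equivalence classes of input rather than as exotic attacks. The `users` table, the sample inputs, and the two lookup/render functions are all constructed assumptions: one vulnerable version (string concatenation, raw HTML) sits beside its fixed version (a parameterized query, HTML escaping), and a small test oracle runs each equivalence class against both so the tester can see the difference in behaviour rather than just being told about it.

```python
import html
import sqlite3

# Constructed sample data for the example: an in-memory users table (not from the session).
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, display_name TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "Alice"), ("bob", "Bob <admin>")])
    return conn

def lookup_vulnerable(conn, username):
    # Classic SQL injection pattern: the user's input is pasted into the SQL text.
    sql = ("SELECT username FROM users WHERE username = '" + username + "'"
           " ORDER BY username")
    return [row[0] for row in conn.execute(sql)]

def lookup_fixed(conn, username):
    # Parameterized query: the input is bound as data and never reaches the SQL parser.
    sql = "SELECT username FROM users WHERE username = ? ORDER BY username"
    return [row[0] for row in conn.execute(sql, (username,))]

def render_vulnerable(display_name):
    # Raw interpolation into HTML: the classic reflected/stored XSS pattern.
    return "<p>Hello, " + display_name + "</p>"

def render_fixed(display_name):
    # Output encoding for the HTML text context.
    return "<p>Hello, " + html.escape(display_name, quote=True) + "</p>"

# Equivalence classes for a free-text parameter, partitioned the way a tester would:
# one class of ordinary values plus one class per metacharacter family the back end
# might interpret. Representatives are hypothetical test strings, not captured attacks.
EQUIVALENCE_CLASSES = {
    "plain": ["alice", "carol"],
    "sql_metachar": ["' OR '1'='1", "alice'--",
                     "x' UNION SELECT username FROM users--"],
    "html_metachar": ["<script>alert(1)</script>",
                      "\"><img src=x onerror=alert(1)>"],
}

def run_class(lookup, conn, cls):
    """Run every representative of one equivalence class; database errors are
    recorded rather than raised, because an error is itself a finding (the input
    reached the SQL parser)."""
    results = {}
    for value in EQUIVALENCE_CLASSES[cls]:
        try:
            results[value] = lookup(conn, value)
        except sqlite3.Error as exc:
            results[value] = "ERROR: " + type(exc).__name__
    return results

def oracle_sqli(lookup, conn):
    """Test oracle for SQL injection: a value from the sql_metachar class must behave
    like any other unknown username, i.e. return no more rows than a lookup of a
    nonexistent user and never raise a database error."""
    baseline = lookup(conn, "nobody")
    for result in run_class(lookup, conn, "sql_metachar").values():
        if isinstance(result, str) or len(result) > len(baseline):
            return False
    return True

def oracle_xss(render):
    """Test oracle for XSS: after rendering, the user-controlled part of the page must
    contain no raw <, > or \" characters."""
    prefix, suffix = "<p>Hello, ", "</p>"
    for value in EQUIVALENCE_CLASSES["html_metachar"]:
        body = render(value)[len(prefix):-len(suffix)]
        if any(ch in body for ch in '<>"'):
            return False
    return True

if __name__ == "__main__":
    db = make_db()
    for name, fn in (("vulnerable", lookup_vulnerable), ("fixed", lookup_fixed)):
        print("SQLi oracle,", name, "lookup:", "PASS" if oracle_sqli(fn, db) else "FAIL")
        print("  sql_metachar results:", run_class(fn, db, "sql_metachar"))
    for name, fn in (("vulnerable", render_vulnerable), ("fixed", render_fixed)):
        print("XSS oracle,", name, "render:", "PASS" if oracle_xss(fn) else "FAIL")
```

The point for a tester is the shape of the oracle, not the particular strings: once the input space is partitioned, every representative of the metacharacter classes must behave exactly like a member of the plain class, and any difference (extra rows, a database error, unescaped markup in the response) is a defect to report.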

  • Speaker


    Paco Hope, Cigital Ltd, United Kingdom

    Author of two security books and frequent conference speaker, Paco Hope is a Principal Consultant with Cigital Ltd and has been working in the field of software security for nearly 15 years. Paco helps clients in the financial, retail, and online gaming industries build secure software by performing source code review and architectural risk analysis. He is also a member of an advisory council with (ISC)² and serves as a subject matter expert for the CISSP and CSSLP security certifications.