Security is an important requirement when developing quality applications, however it is often overlooked by both developers and testers. Instead, expensive consultants are called in to perform “penetration testing”. In a penetration test, an ethical hacker will attempt to discover as many vulnerabilities as they can within the testing window. As this is expensive, many applications go live without any security testing. In this talk, I will attempt to demystify security testing, showing why it’s important and why you don’t need to be a security experts to perform important security checks.
We will take a real web application and go though the steps real world hackers would use to gain access to the server. Along the way, we will learn the tools and techniques used and understand how the application could be tested by non security experts before it goes live.
Note: The recording of this talk can be found here.