Security is an important requirement when developing quality applications, but it is often overlooked by both developers and testers. Instead, expensive consultants are called in to perform penetration testing. In a penetration test, an ethical hacker will attempt to discover as many vulnerabilities as they can within the testing window. As this is expensive, many applications go live without any security testing. In this talk, I will attempt to demystify security testing, showing why it’s important and why you don’t need to be a security expert to perform important security checks. We will take a real web application and go through the steps real-world hackers would use to gain access to the server. Along the way, we will learn the tools and techniques used and understand how we could have tested this application before it went live.