The Impact of application security on testing


This is about the impact of application security on traditional testing activities.

Published in: Technology
  • Locks that can be opened with a master key: that is the situation when security is missing.
  • Wilders: an old version of the Joomla CMS, and therefore vulnerable. Twitter: XSS. 57.5 percent of the vulnerabilities are actively used.
  • When testing you run into it: all kinds of functionality that can be used in a different way, and all kinds of application components that you do not actually need. It enriches your view of the quality.
  • Demo: comment in code. Injecting a script: <script>alert('Dit is een onschuldige pop-up');</script> (the message reads "This is a harmless pop-up") and <script>alert(document.cookie);</script>
  • The Impact of application security on testing

    1. Slide 2: The impact of application security on testing in the new world
         Andréas Prins, 10-09-2009
    2. Slide 3: Program
         • The impact:
         • ..of a lack of security
         • ..by law
         • ..for the testing process
         • ..during implementation
    3. Slide 4: Impact on applications without security
    4. Slide 5: Application security and legislation
         • Needed from a legislative perspective
             • Wet bescherming persoonsgegevens (the Dutch Personal Data Protection Act)
             • PCI-DSS (Payment Card Industry Data Security Standard)
             • SAS70
         • Clients trust you and your application
    5. Slide 6: Application security is an extra dimension
         • Explore new features in the application
         • Quality attributes as described in ISO 9126
         • Extra code that isn't needed
    6. Slide 7: Testing has different faces and facets
         • Secure implementation
         • Compliance, control, make the right choices
         • Awareness and expert training
         • Security assessments
         • Code review
         • Risk analysis / threat modeling
         • Security requirements
         • External review, knowledge, responsibilities
    7. Slide 8: The ease of security testing
         • Demo
    8. Slide 9: The implementation into your process
         • Choose secure application development
         • Create awareness in the (IT) organization
         • Educate people in the different professions
         • Implement the different activities step by step, project after project
    9. Slide 10: Security testing in the new world
         • New technologies create new markets with other risks
         • Security testing in the crowd
             • Use the crowd
             • Use the knowledge
    10. Slide 11: The impact on testing
         • Application security is an enrichment for your application
         • Security testing in each phase of the process gives control and reliability
         • Security testing is not only needed, it's a fun exploration
    11. Slide 12: Contact information
         • [email_address]
         • http://twitter.com/andreasprins
         • http://testingthefuture.net
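
The script-injection demo from the speaker notes can be turned into a repeatable security test. The following is an added example, not part of the original slides: it checks that the two demo payloads are never reflected unencoded and that the session cookie is out of reach of `document.cookie`. The render functions, the cookie headers and all function names are constructed for illustration.

```javascript
// Added example: every name here is hypothetical and all inputs are constructed.
// The two payloads are the ones used in the demo notes.
const PAYLOADS = [
  "<script>alert('Dit is een onschuldige pop-up');</script>",
  "<script>alert(document.cookie);</script>",
];

// "Before": user input is concatenated into the page unchanged.
function renderCommentUnsafe(comment) {
  return `<div class="comment">${comment}</div>`;
}

// Encode the characters that are significant in HTML text and attribute values.
function escapeHtml(text) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// "After": same template, input encoded for the HTML context.
function renderCommentSafe(comment) {
  return `<div class="comment">${escapeHtml(comment)}</div>`;
}

// Test oracle: the payload is reflected if it appears verbatim in the output.
function isReflectedRaw(html, payload) {
  return html.includes(payload);
}

// For the document.cookie payload: without HttpOnly, script can read the cookie.
function cookieReadableByScript(setCookieHeader) {
  const attrs = setCookieHeader.split(";").slice(1).map((a) => a.trim().toLowerCase());
  return !attrs.includes("httponly");
}

// Runs both checks and returns a list of findings (empty means pass).
function runSecurityTests(render, setCookieHeader) {
  const findings = [];
  for (const p of PAYLOADS) {
    if (isReflectedRaw(render(p), p)) findings.push(`unencoded reflection: ${p}`);
  }
  if (cookieReadableByScript(setCookieHeader)) findings.push("session cookie lacks HttpOnly");
  return findings;
}

console.log(runSecurityTests(renderCommentUnsafe, "SESSIONID=abc123; Path=/"));
console.log(runSecurityTests(renderCommentSafe, "SESSIONID=abc123; Path=/; Secure; HttpOnly"));
```

Run as part of the normal regression suite, a non-empty findings list fails the build in the same way a functional defect would.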
