SN
Uploaded bySrikanth Nellore
PPTX, PDF215 views

Automated Security Testing (2)

This document discusses automated security testing. It begins with an agenda that includes what security testing is, why testers need to worry about it, why automate it, how to automate it, a demo, and resources. Security testing reveals flaws in security mechanisms and is part of software testing. Automated security testing can detect vulnerabilities early, reduce costs by lessening the need for security professionals, and use existing automated functional tests with attack proxies and scans. The document demonstrates how attack proxies work and provides resources for security testing tools.

Embed presentation

Download to read offline
AUTOMATED SECURITY TESTING
AGENDA • What is Security Testing ? • Why we Testers need to worry about it ? • Why Automated Security Testing? • How can we Automate this? • Demo • Resources
WHAT IS SECURITY TESTING • Part of Software Testing • Process intended to reveal flaws in the security mechanism.
I AM NOT A SECURITY TESTER ! • Why do we, Testers need to worry about security testing ? Isn’t there a Security Team to handle this ? • Tester = { Functional testing + Non Functional (Performance, Security..)}
WHY AUTOMATED SECURITY TESTING?
• Detect known vulnerabilities early in the cycle • Reduce Costs – Amount of time you need to hire Security professional • 10 min to get you started with your first Attack proxy and scan • Can use your existing automated functional tests to generate HTTP traffic, no need to write special security tests.
WHERE ARE WE ? AS ON 2014 United States Japan Spain United Kingdom Germany China Ukraine Switzerland Mexico Canada
HOW DID WE DO? “ATTACK PROXIES” • Sit between Target and Tester - Search for http traffic patterns - Manipulate headers - Scan for vulnerabilities - Fuzzing
ALWAYS REMEMBER • Never run any Security Tests on sites that you aren’t authorised to do so.
IN ACTION…
RESOURCES – SO MANY OPTIONS TO EXPLORE! • https://www.owasp.org/index.php/Appendix_A:_Testing_Tools
BDD IN SECURITY TESTING. IS IT POSSIBLE?
ON GITHUB • https://github.com/impeccable-tester/SecurityTesting
I AM NOW A SECURITY TESTER 

More Related Content

PDF
Put yourself in the #appsec pipeline
byPaolo Perego
 
PDF
Continuous Deployment (english)
byTitas Norkūnas
 
PPTX
SecDevOps: The New Black of IT
byCloudPassage
 
PPTX
How to Maintain Traceability - While Using Jira
byPerforce
 
PDF
Machine learning in software testing
byThoughtworks
 
PDF
Embracing the Rise of SecDevOps
byTom Cappetta
 
PDF
Start with passing tests (tdd for bugs) v0.5 (22 sep 2016)
byDinis Cruz
 
ODP
Making security-agile matt-tesauro
byMatt Tesauro
 
Put yourself in the #appsec pipeline
byPaolo Perego
 
Continuous Deployment (english)
byTitas Norkūnas
 
SecDevOps: The New Black of IT
byCloudPassage
 
How to Maintain Traceability - While Using Jira
byPerforce
 
Machine learning in software testing
byThoughtworks
 
Embracing the Rise of SecDevOps
byTom Cappetta
 
Start with passing tests (tdd for bugs) v0.5 (22 sep 2016)
byDinis Cruz
 
Making security-agile matt-tesauro
byMatt Tesauro
 

What's hot

PPT
App Assessments Reloaded
byErnest Mueller
 
PDF
Devops, Secops, Opsec, DevSec *ops *.* ?
byKris Buytaert
 
PPTX
5 top pain points of test automation
byMikalai Alimenkou
 
PDF
Peeling the Onion: Making Sense of the Layers of API Security
byMatt Tesauro
 
PPT
Build FAST with parallel_calabash
byThoughtworks
 
PPTX
What a DevOps specialist has to know about static code analysis
byAndrey Karpov
 
PDF
Building a Modern Security Engineering Organization
byZane Lackey
 
PDF
Unit testing
byBrian Hu
 
PPTX
Continuous everything
byTEST Huddle
 
PPTX
ReportPortal.io - Open Source experience. Showcase, benefits
byCOMAQA.BY
 
PDF
Automated Security Testing
byseleniumconf
 
PDF
Continuous Security Testing - DevSecCon
byStephen de Vries
 
PDF
Security in a Continuous Delivery World
byDinis Cruz
 
PPTX
Test automation lesson
bySadaaki Emura
 
PDF
DevSecCon London 2017: Shift happens ... by Colin Domoney
byDevSecCon
 
PPTX
Hacker Proof web app using Functional tests
byAnkita Gupta
 
PPTX
Leandro Melendez - Switching Performance Left & Right
byNeotys_Partner
 
PDF
Making Continuous Security a Reality with OWASP’s AppSec Pipeline - Matt Tesa...
byMatt Tesauro
 
PPTX
AppSec Pipeline - Velcocity NY 2015
byMatt Tesauro
 
PPTX
Oscp - Journey
byVandana Verma
 
App Assessments Reloaded
byErnest Mueller
 
Devops, Secops, Opsec, DevSec *ops *.* ?
byKris Buytaert
 
5 top pain points of test automation
byMikalai Alimenkou
 
Peeling the Onion: Making Sense of the Layers of API Security
byMatt Tesauro
 
Build FAST with parallel_calabash
byThoughtworks
 
What a DevOps specialist has to know about static code analysis
byAndrey Karpov
 
Building a Modern Security Engineering Organization
byZane Lackey
 
Unit testing
byBrian Hu
 
Continuous everything
byTEST Huddle
 
ReportPortal.io - Open Source experience. Showcase, benefits
byCOMAQA.BY
 
Automated Security Testing
byseleniumconf
 
Continuous Security Testing - DevSecCon
byStephen de Vries
 
Security in a Continuous Delivery World
byDinis Cruz
 
Test automation lesson
bySadaaki Emura
 
DevSecCon London 2017: Shift happens ... by Colin Domoney
byDevSecCon
 
Hacker Proof web app using Functional tests
byAnkita Gupta
 
Leandro Melendez - Switching Performance Left & Right
byNeotys_Partner
 
Making Continuous Security a Reality with OWASP’s AppSec Pipeline - Matt Tesa...
byMatt Tesauro
 
AppSec Pipeline - Velcocity NY 2015
byMatt Tesauro
 
Oscp - Journey
byVandana Verma
 

Similar to Automated Security Testing (2)

PPTX
Challenges in Security Testing
byShikha Jarial
 
PPTX
Continuous Security Testing in a Devops World
byStephen de Vries
 
PPTX
Continuous Security Testing in a Devops World #OWASPHelsinki
byStephen de Vries
 
PPTX
Continuous and Visible Security Testing with BDD-Security
byStephen de Vries
 
PPTX
DevSecCon Boston2018 - advanced mobile security automation with bdd
byDavide Cioccia
 
PDF
Add More Security To Your Testing and Automating - Saucecon 2021
byAlan Richardson
 
PPTX
Insoft training day_1
bySriram Angajala
 
PPTX
How to Get the Most Out of Security Tools
bySecurity Innovation
 
PDF
Bringing Security Testing to Development: How to Enable Developers to Act as ...
byAchim D. Brucker
 
PDF
Security Testing for Test Professionals
byTechWell
 
PPT
Security Testing
byISsoft
 
Challenges in Security Testing
byShikha Jarial
 
Continuous Security Testing in a Devops World
byStephen de Vries
 
Continuous Security Testing in a Devops World #OWASPHelsinki
byStephen de Vries
 
Continuous and Visible Security Testing with BDD-Security
byStephen de Vries
 
DevSecCon Boston2018 - advanced mobile security automation with bdd
byDavide Cioccia
 
Add More Security To Your Testing and Automating - Saucecon 2021
byAlan Richardson
 
Insoft training day_1
bySriram Angajala
 
How to Get the Most Out of Security Tools
bySecurity Innovation
 
Bringing Security Testing to Development: How to Enable Developers to Act as ...
byAchim D. Brucker
 
Security Testing for Test Professionals
byTechWell
 
Security Testing
byISsoft
 

Automated Security Testing (2)

  • 1.
  • 2.
    AGENDA • What isSecurity Testing ? • Why we Testers need to worry about it ? • Why Automated Security Testing? • How can we Automate this? • Demo • Resources
  • 3.
    WHAT IS SECURITYTESTING • Part of Software Testing • Process intended to reveal flaws in the security mechanism.
  • 4.
    I AM NOTA SECURITY TESTER ! • Why do we, Testers need to worry about security testing ? Isn’t there a Security Team to handle this ? • Tester = { Functional testing + Non Functional (Performance, Security..)}
  • 5.
  • 6.
    • Detect knownvulnerabilities early in the cycle • Reduce Costs – Amount of time you need to hire Security professional • 10 min to get you started with your first Attack proxy and scan • Can use your existing automated functional tests to generate HTTP traffic, no need to write special security tests.
  • 7.
    WHERE ARE WE? AS ON 2014 United States Japan Spain United Kingdom Germany China Ukraine Switzerland Mexico Canada
  • 8.
    HOW DID WEDO? “ATTACK PROXIES” • Sit between Target and Tester - Search for http traffic patterns - Manipulate headers - Scan for vulnerabilities - Fuzzing
  • 9.
    ALWAYS REMEMBER • Neverrun any Security Tests on sites that you aren’t authorised to do so.
  • 10.
  • 11.
    RESOURCES – SOMANY OPTIONS TO EXPLORE! • https://www.owasp.org/index.php/Appendix_A:_Testing_Tools
  • 12.
    BDD IN SECURITYTESTING. IS IT POSSIBLE?
  • 13.
  • 14.
    I AM NOWA SECURITY TESTER 