2. Reflections
Am I excited by my work anymore?
How far has just being a 'functional tester' taken me?
Have I maintained and developed my skills?
What do I have to do to make a change?
3. "To know what skills to focus on learning you need to know what skills you need for your chosen career…compare this to what skills you currently have. The difference between the two is where you should focus your learning"
Remaining Relevant and Employable in a changing world - Testers Edition
Rob Lambert, Leanpub, 2013
Focus your learning
4. Why Security?
Discovered an interest through personal learning and skill development
Driven equally through frustration and curiosity
Desired a deeper understanding of applications under test
…and the requirements of my client/employer
7. Getting started
Understand your applications and infrastructure
Model threats in YOUR context
Understand vulnerabilities in YOUR context
Learn techniques to expose these threats/vulnerabilities
Select appropriate tools – they WILL help!
Learn from your Developers and Operations engineers!
Find a mentor or learning partner
8. STRIDE - a threat model
SPOOFING
TAMPERING
REPUDIATION
INFORMATION DISCLOSURE
DENIAL OF SERVICE
ESCALATION OF PRIVILEGE
19. Where next…?
Enable others wherever possible
Better vulnerability detection, in dev and production
Improved analysis and reporting
Increased confidence and skill
21. Thanks!
Senior Test Engineer at New Voice Media
www.newvoicemedia.com
Co-facilitator with Weekend Testing Europe
@europetesters weekendtesting.com/europe
Blog: www.thetestdoctor.wordpress.com
Twitter @thetestdoctor