Security Testing – Where Do I Begin

Every day, news headlines seem to carry a new story of personal data lost because hackers were able to breach the security of an application or infrastructure. These attacks are not limited to stealing data by reading unprotected Wi-Fi communications or intercepting credit card data with gadgets that look like readers. What if these attacks are enabled by errors in your software that were not caught by your testing?

So you have been directed to do security testing for your company’s latest and greatest software product. Where do you begin? How much time and resources do you need? What guarantees can you give? How do you know what vulnerabilities you should focus on? Can you assure management that lawsuits won’t happen due to security breaches?

This talk is focused on providing you with information that you can use to answer some of these questions. It starts with the terminology and an overview of the components of security testing, then covers what comprises a good security test plan and how to conduct risk analysis. Designing and developing secure code, paramount to a secure product, leads to robust secure testing approaches.

You will walk away with the foundation for your approach to security testing. You will approach your next security testing project with confidence.

Session Takeaways:

  • Clear understanding of software security terminology.
  • Tools and techniques available from both open source and commercial arenas.
  • Creating a security test plan and a comprehensive risk assessment.
  • The best resources for additional and real-time security information.
  • How to foster a security mindset within your organization.

Location: Fairbanks Terrace C
Date: April 2, 2015
Time: 3:15 pm - 4:15 pm
Jim Sivak