Continuing our theme on Security Testing, this month we have Dan Billing aka @TheTestDoctor
Please note, we meet in the bar area 18:15 onward for a prompt 19:00 start.
There will be food and drink (or two) courtesy our kind sponsors - Woodrow Mercer; Plenty of parking is also available onsite - complimentary thanks to our hosts Ramada Solihull!
Web Application Security - A Hands on Testing Challenge
We know that application security is important. We have to protect our customers’ data and our employers’ data while keeping our systems up and running. But do we have the skills and knowledge to meet that challenge?
During this training, we will begin to explore some of the concepts, skills, and techniques of security testing by working with a vulnerable web application. Through practical activities and hands-on learning, we will discover the key security issues that affect web applications today.
Testers will learn skills to identify software vulnerabilities and understand common threats and risks that occur in web-applications. We will also examine some of the tools and utilities that can enhance and extend security testing efforts. Let’s look at the essential steps to build and execute your own security testing strategies. Let’s examine how learning and mentoring can aid in the development of strategies. You can and should build up your own skills with integrated security testing. This will ensure ongoing relevance of your role in a security context, and the success of your organisations.
Building upon personal experience of integrating security testing into an existing organisation, incorporating DevOps, continuous delivery and integration, this training will highlight and discuss the reflections of learning from hackers, recent breaches and the socio-economic, political and technical impact upon software development organisations.
Attendees will take away a set of advice and techniques to incorporate and enable security testing into their day to day work, answering some of the questions that may arise around scope, skills, tools, models and learning.
Technical requirements:
This is a practical training, so all attendees will require a laptop, and the ability to install and run the application under test, as well as some open source tools that will be useful during the session. Installation instructions and a tool list will be sent before the training, and pre-installation is highly recommended for a smooth training experience.
Prior experience in security testing web applications is not necessary; however, attendees will need to be comfortable testing web applications and using modern web-browsers (i.e. Firefox, Chrome, Safari).
Installation instructions are located at Github.com
Using the supplied Docker image is the quickest/easiest method.
More details and tickets: www.meetup.com
Imported From: www.meetup.com
