Hacking/Information Security has always been put forward as a domain which requires Ninja skills. In reality, information security is a domain where we as engineers need to be a step ahead of the attackers and need to be able to defend against the threats. To do this, all that engineers need to develop are skills that will allow them to think like attackers and find potential vulnerabilities even before the bad people on the internet do. It is even better if we are able to write code in such a way that these vulnerabilities do not exist in the first place.
What do software testers have to do with this? Well, imagine a software tester knows a few basics on how to do security testing. Imagine if they had an attacker mindset while they are regularly looking for software bugs. Wouldn’t it be extra fancy if you were able to write security checks while automating regular test cases?
This talk aims to address the above questions. The talk will empower testers to think like attackers and get a basic understanding of web application penetration testing. This will be a great start for every tester to start thinking about security and take their skills to the next level. The speaker will also demonstrate a few techniques that will give easy wins for every software tester to identify security vulnerabilities. The speaker will also present some cool demos showing that the techniques discussed are not just on paper but could be anywhere on the internet.