Dan Billing

Daniel Billing

Company: The Test Doctor Limited

Role in Company: Test Jumper

Country: United Kingdom

Presentation Takeaways

1. Understanding of key security risks, threats and vulnerabilities
2. Learn and practice security testing skills in a safe space
3. Development of the security mindset

Speaker Biography

Dan has been a tester for 16 years, working within a diverse range of development organisations, mostly in the south-west of England. He has been a freelance test consultant but currently works as a Test Jumper at Medidata, where most of his time is spent coaching and leading testers, developing test strategy and exploring the needs of the business. This includes mentoring, supporting and training members of the team to develop their security skills as well. Dan’s love of testing drives him to be an active member of the testing community, helping to organise local tester meetups in the Bristol and Bath area. He is a co-facilitator with Weekend Testing Europe and also organises the South West Exploratory Workshop in Testing. He is also a co-host of the podcast Screen Testing, alongside Neil Studd.

Presentation Description

We know that application security is important. We have to protect our customers’ data and our employers’ data while keeping our systems up and running. But do we have the skills and knowledge to meet that challenge?

During this workshop, we will begin to explore some of the concepts, skills, and techniques of security testing by working with a vulnerable web application. Through practical activities and hands-on learning, we will discover the key security issues that affect web applications today.

Testers will learn skills to identify software vulnerabilities and to understand the common threats and risks that affect web applications. We will also examine some of the tools and utilities that can enhance and extend security testing efforts. We will look at the essential steps to build and execute your own security testing strategies, and at how learning and mentoring can aid in developing them. You can and should build up your own skills in integrated security testing; doing so keeps your role relevant in a security context and contributes to the success of your organisation.

Building upon personal experience of integrating security testing into an existing organisation that practises DevOps, continuous delivery and continuous integration, this workshop will highlight and discuss lessons learned from hackers and from recent breaches, and the socio-economic, political and technical impact these have on software development organisations.

Attendees will take away a set of advice and techniques to incorporate and enable security testing into their day to day work, answering some of the questions that may arise around scope, skills, tools, models and learning.

Technical requirements:
This is a practical workshop, so all attendees will require a laptop, and the ability to install and run the application under test, as well as some open source tools that will be useful during the session. Installation instructions and a tool list will be sent before the workshop, and pre-installation is highly recommended for a smooth workshop experience.

Prior experience in security testing web applications is not necessary; however, attendees will need to be comfortable testing web applications and using modern web browsers (e.g. Firefox, Chrome, Safari).