STAREAST 2024 - Security Testing

Web applications are often security critical or serve as front-ends for security critical applications, making web testing for vulnerabilities an essential part of software testing. Unfortunately, most software testers have not been taught how to identify web security issues while testing applications. Join Tom Stiehm as he shares what you need to know to security test web-based applications as part of your overall testing process. Learn about the most common web security vulnerabilities and how they are introduced into web code and exploited by hackers. Explore test techniques for...

In CI/CD pipelines, automated testing services validate functionality of apps across hundreds of real-world mobile devices and OS versions. However, automated testing services can also leverage methods and tools that violate cybersecurity policies or that cybersecurity professionals find problematic and dangerous including: emulators, virtualization, resigning, debugging, dual spaces, Magisk and more. Once protections are added to a mobile app, security features detect these methods and tools and the resulting cyber defense may prevent testers from using parts of these testing...