STAREAST 2025 - Security Testing
Tuesday, April 29
Web Security Testing: The Basics and More
Web applications are often security-critical or serve as front-ends for security-critical applications, making web testing for vulnerabilities an essential part of software testing. Unfortunately, most software testers have not been taught how to identify web security issues while testing applications. Join Tom Stiehm as he shares what you need to know to security test web-based applications as part of your overall testing process. Learn about the most common web security vulnerabilities and how they are introduced into web code and exploited by hackers. Explore test techniques for...
Wednesday, April 30
The Future of IAM Security: It's Continuous, It's Tested
Everything that has a beginning also has an end...except a circle. IAM is going through a renaissance, if you will, and it is referred to as Continuous Identity or Modern IAM. Testing for IAM can be complicated already. With the move to continuous, it is transforming into event-driven IAM, which takes an already complicated domain and adds in constantly changing context. Fun times! So, how do you test something that is constantly evolving and changing based on dynamic business needs, security or policy? You take the blue pill, the IAM story ends. You wake up in your bed and believe whatever...
Revolutionizing API Quality Assurance with Contract Testing and Error Code Analysis
In today’s microservices-driven landscape, ensuring seamless communication between services is critical. Traditional testing methods often fall short when it comes to detecting integration issues early in the development cycle, leading to unexpected failures in production. Contract testing is emerging as a powerful solution to this challenge, providing a way to verify that services meet agreed-upon expectations without relying on full end-to-end testing. This session will delve into the fundamentals of contract testing and how it enhances API quality assurance by detecting inconsistencies...
Thursday, May 1
Using AI in Testing, Development, and Production to Automate Fraud Prevention
In today's rapidly evolving digital landscape, preventing fraud and ensuring security of applications through development and production have become paramount. However, the traditional manual approaches to security testing, fraud detection and functional testing of apps once they have been protected are time-consuming, error-prone, and often fail to keep pace with emerging threats such as FaceID bypass using deepfakes. This session will explore the challenges and opportunities at the intersection of automating security testing, fraud detection and testing protected applications. Karen will...
Testing Product Resiliency with Chaos Engineering
Dive into the exhilarating world of Chaos Engineering, where chaos is not a threat, but a catalyst for resilience and innovation of product and security practices. This talk explores the transformative power of Chaos Engineering in navigating the unpredictable landscapes of software testing for product resiliency, which also directly impacts operational security. Organizations are often stuck on the “build it quickly and move on” mindset, leaving opportunities for competitors and security threats to set up their home base. Learn how leading organizations harness controlled chaos to...