STAREAST 2025 - Security Testing
Tuesday, April 29
Web Security Testing: The Basics and More
Web applications are often security-critical or serve as front-ends for security-critical applications, making web testing for vulnerabilities an essential part of software testing. Unfortunately, most software testers have not been taught how to identify web security issues while testing applications. Join Tom Stiehm as he shares what you need to know to security test web-based applications as part of your overall testing process. Learn about the most common web security vulnerabilities and how they are introduced into web code and exploited by hackers. Explore test techniques for...
Wednesday, April 30
Revolutionizing API Quality Assurance with Contract Testing and Error Code Analysis
In today’s microservices-driven landscape, ensuring seamless communication between services is critical. Traditional testing methods often fall short when it comes to detecting integration issues early in the development cycle, leading to unexpected failures in production. Contract testing is emerging as a powerful solution to this challenge, providing a way to verify that services meet agreed-upon expectations without relying on full end-to-end testing. This session will delve into the fundamentals of contract testing and how it enhances API quality assurance by detecting inconsistencies...
Thursday, May 1
Navigating the Intersection of Security Testing and Secured App Testing
In today's rapidly evolving digital landscape, ensuring the security of applications has become paramount. However, the traditional manual approaches to security testing and functional testing of apps once they have been secured are time-consuming, error-prone, and often fail to keep pace with emerging threats. This session will explore the challenges and opportunities at the intersection of automating security testing and testing secured applications. Karen will delve into a real-world case study where her team faced the daunting task of securing a complex application. By using multiple...
Testing Product Resiliency with Chaos Engineering
Dive into the exhilarating world of Chaos Engineering, where chaos is not a threat, but a catalyst for resilience and innovation of product and security practices. This talk explores the transformative power of Chaos Engineering in navigating the unpredictable landscapes of software testing for product resiliency, which also directly impacts operational security. Organizations are often stuck on the “build it quickly and move on” mindset, leaving opportunities for competitors and security threats to set up their home base. Learn how leading organizations harness controlled chaos to uncover...