Meet the Speakers
PNSQC Webinar with Bhushan Gupta & Phil Lew
Requirements Based on Web Application Security Testing
Security Software Testers Must be One Step Ahead of the Hackers!
Bhushan Gupta has dedicated his life to frustrating the bad guys. You know them as hackers, but to Bhushan they are the enemy. In his Sept. 7 PNSQC webinar with host Phil Lew, however, Bhushan will discuss his battles with another enemy: poor testing strategies. He will discuss how most web application security testing efforts don't yield a high level of confidence or a sense of security in a developer's mind. He'll also tell us what happens when a tester's confidence wanes further because, short on resources, time and support from above, the tester is confronted by a bad guy obsessed with figuring out new exploits to hack the application.
Today’s web application developers have to think about intrinsic security, that is, building security throughout the SDLC. We build applications based upon well-formed customer requirements. Why should we not, then, build our applications based on the fundamental principles of security and then harden security from the hacker’s perspective?
This webinar discusses an approach that aligns web application security testing with the three basic principles of security: confidentiality, integrity, and availability, or CIA. The approach first establishes the requirements dictated by each element of CIA, especially confidentiality, as it places the most stringent requirements on an application. It then deduces acceptance criteria and illustrates the thought process for developing a test plan that spans both static and dynamic (traditional testing) code analysis. The webinar then demonstrates how to apply the DREAD model to prioritize the vulnerabilities found during testing, so that the most critical vulnerabilities are removed first.