Twin Cities Quality Assurance Association

Strategies for Effective Security Unit Testing

  • 11 May 2017
  • 4:15 PM - 6:00 PM
  • US Bank (Arrowhead Room), 1 Meridian Crossings, Richfield, MN 55423

Registration

  • If you are not an Individual Member or an employee of a Member Corporation, please register using this option and submit your payment within 3 business days to secure your reservation.
  • If your company is a Corporate Member of TCQAA, please register using this registration type. There is no cost to attend. You must have an active membership before you can sign up for the event (at no charge). Contact your Corporate Admin to have your information added prior to registration.
  • This event is free for members. If you have joined as a Member and paid dues for 2017, you may register as a member and pay no fees to attend!

Registration is closed

Seth Law from nVisium presents: Strategies for Effective Security Unit Testing

Summary: Using DevOps practices such as Test Driven Development (TDD) and Continuous Integration (CI), it is possible to overcome both security and development weaknesses around unit testing and implement a custom security unit-test suite for any application.

This presentation will address the current limitations of security unit-testing applications with existing tools and various frameworks. Seth will introduce a generic framework for creating security unit-tests for any application and then review common strategies for building application security-specific unit-tests, including function identification, testing approaches, edge cases, regression testing, and payload generation.

In addition, this presentation will demonstrate these techniques in the Java Spring and .NET MVC frameworks using intentionally vulnerable applications. Finally, Seth will introduce SPUTR (https://github.com/sethlaw/sputr), an open-source repository of security unit-testing payloads that can be used as a starting point for creating custom security unit tests. Attendees will gain an understanding of how to implement custom security unit and integration tests to help their organization increase its assurance that security flaws do not exist in critical code bases.

Encourage members of your Development team to join you!

Bio: Seth Law is CSO with nVisium and an expert in application security. He spends the majority of his time breaking web and mobile applications, but has been known to code when the need arises. Seth is currently involved in multiple open source projects (including RAFT) and is working with others to advance the state of security testing. He is giving this same presentation at Black Hat Asia 2017 and has spoken previously at Black Hat, DEF CON, Secure360 and other security conferences.


© Twin Cities Quality Assurance Association (TCQAA) a 501c(3) organization. All Rights Reserved.
