Automated Security Testing - ANZTB
AUTOMATED SECURITY TESTING
AGENDA
• What is Security Testing?
• Why do we Testers need to worry about it?
• Why Automated Security Testing?
• How can we Automate this?
• Demo
• Resources
WHAT IS SECURITY TESTING
• Part of Software Testing
• Process intended to reveal flaws in the security mechanism.
I AM NOT A SECURITY TESTER!
• Why do we Testers need to worry about security testing? Isn’t there a Security Team to handle this?
• Tester = { Functional testing + Non-Functional testing (Performance, Security, ...) }
WHY AUTOMATED SECURITY TESTING?
• Detect known vulnerabilities early in the cycle
• Reduce costs: less time for which you need to hire a security professional
• 10 minutes to get started with your first attack proxy and scan
• Can use your existing automated functional tests to generate HTTP traffic; no need to write special security tests.
WHERE ARE WE? AS OF 2014
[Chart; countries shown: United States, Japan, Spain, United Kingdom, Germany, China, Ukraine, Switzerland, Mexico, Canada]
HOW DID WE DO? “ATTACK PROXIES”
• Sit between Target and Tester
  - Search for HTTP traffic patterns
  - Manipulate headers
  - Scan for vulnerabilities
  - Fuzzing
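The passive part of what an attack proxy does ("search for HTTP traffic patterns"), as an added example that is not from the original slides: it checks responses recorded while existing functional tests ran for missing security headers, weak cookie flags and server version disclosure. The captured responses, the host name and the list of checks are constructed for illustration.

```python
from email.parser import Parser

# Constructed sample: raw responses a proxy might record during a functional test run.
CAPTURED = [
    ("GET https://app.example.test/login",
     "HTTP/1.1 200 OK\r\n"
     "Content-Type: text/html\r\n"
     "Server: Apache/2.4.7 (Ubuntu)\r\n"
     "Set-Cookie: SESSIONID=abc123; Path=/\r\n"
     "\r\n<html>login</html>"),
    ("GET https://app.example.test/account",
     "HTTP/1.1 200 OK\r\n"
     "Content-Type: text/html\r\n"
     "X-Content-Type-Options: nosniff\r\n"
     "X-Frame-Options: DENY\r\n"
     "Set-Cookie: SESSIONID=def456; Path=/; Secure; HttpOnly\r\n"
     "\r\n<html>account</html>"),
]

# Assumed policy for this example: headers every response must carry.
REQUIRED_HEADERS = ("X-Content-Type-Options", "X-Frame-Options")

def scan_response(raw):
    """Return a list of passive findings for one raw HTTP response."""
    # Drop the body and the status line, keep only the header block.
    header_block = raw.split("\r\n\r\n", 1)[0].partition("\r\n")[2]
    headers = Parser().parsestr(header_block, headersonly=True)
    findings = []
    for name in REQUIRED_HEADERS:
        if name not in headers:  # header lookup is case-insensitive
            findings.append("missing header: " + name)
    for cookie in headers.get_all("Set-Cookie", []):
        flags = {part.strip().lower() for part in cookie.split(";")[1:]}
        cookie_name = cookie.split("=", 1)[0]
        for flag in ("secure", "httponly"):
            if flag not in flags:
                findings.append(f"cookie {cookie_name} lacks {flag}")
    server = headers.get("Server", "")
    if any(ch.isdigit() for ch in server):
        findings.append("server version disclosed: " + server)
    return findings

def scan_traffic(captured):
    """Map each request to its findings, keeping only requests that have any."""
    report = {req: scan_response(raw) for req, raw in captured}
    return {req: found for req, found in report.items() if found}
```

Calling `scan_traffic(CAPTURED)` reports only the `/login` response, since the `/account` response carries both headers and both cookie flags.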
ALWAYS REMEMBER
• Never run any security tests on sites that you aren’t authorised to test.
IN ACTION…
RESOURCES – SO MANY OPTIONS TO EXPLORE!
• https://www.owasp.org/index.php/Appendix_A:_Testing_Tools
BDD IN SECURITY TESTING. IS IT POSSIBLE?
ON GITHUB
• https://github.com/impeccable-tester/SecurityTesting
I AM NOW A SECURITY TESTER