Declan O’Riordan – What? Why? Who? How? Of Application Security Testing
By: softtestireland - Thursday, February 26th, 2015 at 10:53 am
SoftTest Ireland in association with ITAG SkillNet and EuroSTAR Conferences present:
Speaker: Declan O’Riordan, Test and Verification Solutions (TVS), UK
Title: What? Why? Who? How? Of Application Security Testing
Date: 11th March, 2015
Venue: The Clayton Hotel, Ballybrit, Galway.
Registration via this link: https://www.eventbrite.ie/e/galway-event-application-security-testing-by-declan-oriordan-tickets-16012924087
A penetration testing expert is better at pen-testing than me, but should I simply delegate application security to specialists and network firewalls? Actually no, I shouldn’t and neither should anyone else involved in the systems development lifecycle.
For years I treated security testing as something akin to black magic beyond my comprehension and penetration testers as technical wizards who could cast out evil hacking spells. Obviously that was daft, but it took some effort to see what was really happening behind the smoke and mirrors of application security, and to de-mystify it for my colleagues.
Follow the journey that led me to believe every well-formed tester can and must have a basic understanding of what application security is, why it is important, who should be doing it, and how.
After this presentation you can stop describing security as ‘Out of Scope’ from your test plans.
Declan had never spoken in public before 2014, yet he set himself the goals of being accepted as a speaker for the EuroSTAR Software Testing Conference, winning the prize for best conference paper, and having his talk voted the ‘do-over session’ that attendees would most like to have repeated. All these goals were achieved, and have led to him joining the 2015 EuroSTAR programme committee.
“I haven’t written any books and apart from winning the EuroSTAR 2014 best conference paper, I’m not special at all. I’m just a tester, and I’ve learned how to include application security in my daily work. If I can test application security, then you can too.
This is the only subject in my 34-year IT career that I’ve ever felt is so important I have to get up on stage and make more people aware. When I started speaking about application security I found the audiences really enjoyed the story and returned to work galvanised into action. I’m confident you will feel the same. This is useful stuff.”