Testing Security In, the Right Way
Adi Belinkov, Iris Levari at Global AppSec Tel Aviv 2019
Developing secure software requires a solid SDLC, including all team members throughout ALL stages of the process, from requirements through implementation.
So how come we always ignore QA? Why do we often talk about developers as security champions, but rarely mention the QA team for this?
In our talk, we will show how to integrate the QA team into the security testing process, and why we should shift some of the security tasks to QA for optimum results.
We’ll see some examples and templates that we built and used for our projects, which the audience can implement quickly in their own projects.
We aim to convince the audience that a partnership between QA & Security teams can work very well, based on their mutual interests, and this will enable in-depth security testing, both automatically and manually, to be done in every sprint.
Iris Levari
Application Security Expert, Self Employed
An Application security architect @ Playtech, 20 years in Cyber security, CISSP trainer, SDLC practitioner, LA27001, loves cryptography, penetration testing.
Adi Belinkov
JPMorgan Chase & Co, VP Cybersecurity
Currently a VP Cybersecurity at JPMorgan Chase & Co, an Application security architect, 7 years in Cyber security. 2015-2018 as Security Manager at ironSource. 2013-2015 as Information Security Consultant at EY (Hacktics). Degree in Software Engineering.