Course Summary:
Ken van Wyk delivered this lecture at SecAppDev Leuven 2013.
+ Understand how several popular security testing methodologies work
+ What issues can be found using each technique
+ Appreciate the availability of tools for each popular security testing methodology
+ Develop a security testing program that best fits the need of any specific application
Overview: Adequate security testing of modern software goes far beyond the simple penetration testing that was popular in the 1990s and early 2000s. Penetration testing is, after all, an outside-in approach to testing (aka "black box") and can be highly limiting in the sorts of findings it is capable of spotlighting. Rigorously testing the security of software today requires a combination of both outside-in and inside-out methodologies. And yet, software developers and testers are faced with timelines and budgets that are tighter than ever. In this session, we'll delve into several practical testing methodologies that can be employed to test today's software. Tool examples will be described where applicable as well.
Ken van Wyk is a CERT® Certified Computer Security Incident Handler, an internationally recognized information security expert and author of two popular O'Reilly books, Incident Response: Planning & Management and Secure Coding: Principles and Practices, as well as a monthly columnist for eSecurityPlanet. Ken is a Visiting Scientist at the Software Engineering Institute at Carnegie Mellon University, where he is a course instructor and consultant to the CERT® Coordination Center. Ken has previously held senior information security technologist roles at Tekmark's Technology Risk Management practice, Para-Protect Services, Inc., and Science Applications International Corporation (SAIC). Ken was also the Operations Chief for the U.S. Defense Information Systems Agency's DoD-CERT incident response team, as well as a founding employee of the CERT® Coordination Center at Carnegie Mellon University's Software Engineering Institute. Ken has previously served as the Chairman and as a member of the Steering Committee for the Forum of Incident Response and Security Teams (FIRST), a non-profit professional organization supporting the incident response community. He currently sits on their Steering Committee and Board of Directors.
This course is licensed under Creative Commons (reuse).
Target Audience:
Software Testers, Security Analysts
Section 1 - Security Testing - Fundamentals