Security Testing for QA Professionals: Enabling the Versatile Tester

Functional testers and QA professionals are much more readily equipped to perform software security testing than you may think. The difference between confirming known functionality and discovering unknown, unintended functionality in a piece of software or application may seem like night and day – but in reality it’s simply a matter of tools, mindset, and enablement. This tutorial will teach you these key components and couple them with your deep understanding of the application design, use cases, and test data to help you contribute far more effectively to the enterprise’s software security testing strategy. Join Daniel to learn why we do security testing, what characterizes security testing versus other types of testing, and the difference between static and dynamic testing. Understand the testing toolkit and real-world examples of its use.

  • Understand how the security testing perspective differs from other testing types
  • Explore the methodology used in performing black-box testing
  • Learn common tools used by security testers


Daniel Miessler, HP

Daniel Miessler is Principal Security Architect with HP Software based out of San Francisco, California. He specializes in application security with a specific focus on web and mobile application assessments, helping enterprise customers build effective application security programs, and speaking with executives about how to best leverage technologies and processes to reduce real-world risk. In his spare time he enjoys reading and writing obsessively, programming, optimizing web servers, and playing competitive table tennis.

Don't miss these other great sessions at the QUEST 2013 Conference and EXPO: