PNSQC Webinar with Bhushan Gupta & Phil Lew
Requirements Based on Web Application Security Testing
Security Software Testers Must be One Step Ahead of the Hackers!
Thursday, September 7, 2017, 8:00 am PDT (11:00 am EDT)
Register Now for the Webinar
PNSQC volunteer and prolific conference speaker Bhushan Gupta wants to keep you and your software secure. He will tell you all about it as the guest presenter of our next 2017 Meet the Speakers webinar, Sept. 7, at 10 am PDT. With host Phil Lew, Gupta will discuss one of his favorite topics: testing software for security purposes. You should register now for the webinar.
Gupta believes the rising incidence of successful hacking of financial, healthcare and retail software has reached a crisis stage — mostly because security is at best an afterthought during the development of new software.
The heart of this problem lies with penetration testing, the current “best practice” in software testing. This approach to testing — where testers attempt to penetrate a system — falls far short of what’s needed, he says.
“I advocate for requirements-based web application security testing. It’s a preemptive approach,” Gupta says. “My main message is that you have to build security from inside out.”
He explains: To build software for security, first you need to know what the security requirements are. Once you know the requirements, you need to identify the security controls. After that, you need to apply the testing methodology to build a secure product.
Bhushan will introduce the webinar audience to several tools he uses when building security from the inside out, as well as to the DREAD methodology, “a technique to determine the severity of the vulnerability of the software to penetration.”
His strategy for building security in is based upon the reality that hackers come in many shapes and sizes, and merely trying to penetrate a system “like a hacker” after the software is built is too little testing too late.
“In security today, people rely only on penetration testing. That’s from outside in. The hacker is trying to break in, get a foothold in the system, and take control of the system. But we don’t know how they’re doing it, and if we haven’t built security in from the very beginning of development, all we know when we’re done is that we either did or did not penetrate. We still don’t know anything about how secure the software really is.”
You’ll hear all this and more, including eye-opening tales of systems hacking, on the hour-long Sept. 7 webinar “Security Software Testers Must be One Step Ahead of the Hackers,” with host Phil Lew.
Please register for Requirements Based Web Application Security Testing with Bhushan Gupta, #PNSQC17 Summer Webinar Series, on Thursday, September 7, 2017, 8:00 am PDT (11:00 am EDT).