Upload File

deploying security testing practice · deploying security testing practice by artem vasiuk. in...

  • Home
  • Documents
  • Deploying Security Testing Practice · Deploying Security Testing Practice by Artem Vasiuk. In testing since 2004 Test Manager in Danish company Scalepoint From Ukraine. Live in Denmark
20
Deploying Security Testing Practice by Artem Vasiuk

Upload: others

Post on 31-May-2020

11 views

Category:

Documents


0 download

Report

TRANSCRIPT

Page 1: Deploying Security Testing Practice · Deploying Security Testing Practice by Artem Vasiuk. In testing since 2004 Test Manager in Danish company Scalepoint From Ukraine. Live in Denmark

Deploying Security Testing Practice

by Artem Vasiuk

Page 2: Deploying Security Testing Practice · Deploying Security Testing Practice by Artem Vasiuk. In testing since 2004 Test Manager in Danish company Scalepoint From Ukraine. Live in Denmark

In testing since 2004

Test Manager in Danish company Scalepoint

From Ukraine. Live in Denmark

Love snowboarding

About me

Page 3: Deploying Security Testing Practice · Deploying Security Testing Practice by Artem Vasiuk. In testing since 2004 Test Manager in Danish company Scalepoint From Ukraine. Live in Denmark

Increasing number of breaches

Numerous tools for detection and attacks

New area for personal development

High stakes due to GDPR

Why Security?

Page 4: Deploying Security Testing Practice · Deploying Security Testing Practice by Artem Vasiuk. In testing since 2004 Test Manager in Danish company Scalepoint From Ukraine. Live in Denmark

Source: https://informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/

https://informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/
Page 5: Deploying Security Testing Practice · Deploying Security Testing Practice by Artem Vasiuk. In testing since 2004 Test Manager in Danish company Scalepoint From Ukraine. Live in Denmark

Let’s do it! But what’s next step?

Should we do it or delegate to professionals?

How do we get time for it?

Can robots do the stuff for us?

The Beginning

Page 6: Deploying Security Testing Practice · Deploying Security Testing Practice by Artem Vasiuk. In testing since 2004 Test Manager in Danish company Scalepoint From Ukraine. Live in Denmark

• Management Decision

• Need Driven

• Personal Initiative

• Career Opportunity

The Situation

What is the driver?

Page 7: Deploying Security Testing Practice · Deploying Security Testing Practice by Artem Vasiuk. In testing since 2004 Test Manager in Danish company Scalepoint From Ukraine. Live in Denmark

• One-man battle

• Team Work

• Corporate Goal

The Situation

How do you organise the process?

Page 8: Deploying Security Testing Practice · Deploying Security Testing Practice by Artem Vasiuk. In testing since 2004 Test Manager in Danish company Scalepoint From Ukraine. Live in Denmark

• Secure Frameworks and Components

• Automated Testing Tools

• Professional Consultants

The Situation

Where do you focus?

Page 9: Deploying Security Testing Practice · Deploying Security Testing Practice by Artem Vasiuk. In testing since 2004 Test Manager in Danish company Scalepoint From Ukraine. Live in Denmark

• Non-Functional Testing of Features

• Design Review and Code Review

• Penetration Testing per Release

• Definition of Done

The Situation

When do you act?

Page 10: Deploying Security Testing Practice · Deploying Security Testing Practice by Artem Vasiuk. In testing since 2004 Test Manager in Danish company Scalepoint From Ukraine. Live in Denmark

• Top 10 Vulnerabilities

• Testing Checklist

• App Sec Verification Standard (aka ASVS)

• Software Assurance Maturity Model (aka SAMM)

Can I help you?

OWASP.org

Page 11: Deploying Security Testing Practice · Deploying Security Testing Practice by Artem Vasiuk. In testing since 2004 Test Manager in Danish company Scalepoint From Ukraine. Live in Denmark

Top 10 Vulnerabilities

Page 12: Deploying Security Testing Practice · Deploying Security Testing Practice by Artem Vasiuk. In testing since 2004 Test Manager in Danish company Scalepoint From Ukraine. Live in Denmark

Testing Checklist

Page 13: Deploying Security Testing Practice · Deploying Security Testing Practice by Artem Vasiuk. In testing since 2004 Test Manager in Danish company Scalepoint From Ukraine. Live in Denmark

ASVS

Page 14: Deploying Security Testing Practice · Deploying Security Testing Practice by Artem Vasiuk. In testing since 2004 Test Manager in Danish company Scalepoint From Ukraine. Live in Denmark

SAMM

Page 15: Deploying Security Testing Practice · Deploying Security Testing Practice by Artem Vasiuk. In testing since 2004 Test Manager in Danish company Scalepoint From Ukraine. Live in Denmark

Burp Suite, Zed Attack Proxy (ZAP), AppScan

SonarQube (Java, C#, JS... +DependencyChecker)

Security test data in Automated tests

Improve Efficiency

Automated Sec Scanning tools

Page 16: Deploying Security Testing Practice · Deploying Security Testing Practice by Artem Vasiuk. In testing since 2004 Test Manager in Danish company Scalepoint From Ukraine. Live in Denmark

Scanning Setup

Page 17: Deploying Security Testing Practice · Deploying Security Testing Practice by Artem Vasiuk. In testing since 2004 Test Manager in Danish company Scalepoint From Ukraine. Live in Denmark

"Who would even hack us? People are nice!"

"We have firewall (https, kaspersky, ________) to protect us!"

"We have Michael. He is responsible for Security"

"I have no time for learning"

"Security is technical, so do it in your Technical backlog"

"Ok, ok…But let’s do release now and improve Security later"

Challenges

Page 18: Deploying Security Testing Practice · Deploying Security Testing Practice by Artem Vasiuk. In testing since 2004 Test Manager in Danish company Scalepoint From Ukraine. Live in Denmark

• The Web Application Hacker's Handbook

• Kingpin: How One Hacker Took Over the

Billion-Dollar Cybercrime Underground

Must read

Page 19: Deploying Security Testing Practice · Deploying Security Testing Practice by Artem Vasiuk. In testing since 2004 Test Manager in Danish company Scalepoint From Ukraine. Live in Denmark

Pluralsight course

• "Hack yourself first" by Troy Hunt

• "WebApp Penetration Testing" by Sunny Wear

Must see

Page 20: Deploying Security Testing Practice · Deploying Security Testing Practice by Artem Vasiuk. In testing since 2004 Test Manager in Danish company Scalepoint From Ukraine. Live in Denmark

Thank you!

The End


Testing Discrimination in Practice

Protocol Security Testing best practice

ASTM Practice for IGC Testing

PV213 EIS in Practice: 10 – Testing 1 PV213 Enterprise Information Systems in Practice 10 – Testing

Testing & deploying microservices - XP Days Ukraine 2014

Deploying Constraint Programming for Testing ABB’s

PSSA Practice Testing!!!

Best Practice Guidelines for Deploying EX8200 Virtual ... · 8 Copyright © 2013, Juniper Networks, Inc. IMPlEMENTaTIoN guIDE - Best Practice guidelines for Deploying EX8200 Virtual

Exploratory Testing in Practice

Module 36 Testing and Deploying Workflow Processes

Testing Practice: Lera Technologies

Best Practice Tank Testing

Hypotheses Testing Practice (Answers)

Best Practice Guidelines for Deploying EX8200 Virtual Chassis Configurations

Best Practice for Deploying VXLAN with CIsco Nexus 1000V and VMware vCloud Director

1 WSI-SRS Team Safely Deploying Tactical Smoke Grenades During Performance Testing Activities

DEPLOYING NFV: BEST PRACTICES - Red Hat · DEPLOYING NFV: BEST PRACTICES Rimma Iontel Senior Cloud Architect, Cloud Practice [email protected] ... High Availability for Platform

Practice Testing Software Guide

Testing Practice

Deploying RAXEM2 Planning Improvements in Daily Work Practice

Ready.... or Not? Creating, Testing and Deploying New Technology in K-12 Schools

The End of the Beginning: Deploying Applications to ...Days... · Deploying Applications to WebLogic Server ... . 12c practice on Quovera ... The End of the Beginning: Deploying Applications

Good Practice Guide for securely deploying Governmental Clouds · Good Practice Guide for securely deploying Governmental Clouds Page iii Executive summary Public and private sector

Standards of Practice: Testing

Agile testing practice

Mechanism Design and Testing of a Self-Deploying … Design and Testing of a Self-Deploying Structure Using Flexible ... composite tape spring booms that ... the tape spring design

Testing & Deploying node.js apps

Deploying LTE 1800 MHz: discovering best practicedocshare01.docshare.tips/files/12864/128641097.pdf · Deploying LTE 1800 MHz: discovering best practice ... Commercial Nokia Siemens

Testing Battle.net - (Before deploying to millions of players) · Contents 1 A bit about Battle.net 2 Testing legacy code 3 Testing scalability (I) 4 Property-based testing 5 Testing

Practice Testing - GitHub Pages

Web & Mobile App Testing | Continuous Testing | …...development process from coding, building, integrating, testing, and deploying the code to production. Whenever tasks are broken,

Front End from the Front Lines: Building Testing and Deploying Modern Web Apps

Building, Testing & Deploying Android Apps with Jenkins

Testing Predictive Models in Production€¦ · TESTING PREDICTIVE MODELS IN PRODUCTION Model Testing: An Overview . As we mentioned above, deploying models to production and letting

Dell Best Practice Deploying Windows Server 2008 With PS Series SANs