Dan Billing Tutorial | Exploring Security

Tutorial

Recommended for junior testers, mid testers, senior testers & leads, managers.

Exploring Security is a workshop that delves into the exciting but often complex world of security testing. Security is a vital aspect of software quality that is not always well understood by engineering teams. This workshop will explore threats, risks, and vulnerabilities in a way that will allow you to apply a range of skills to your own applications and projects.

Through threat modelling, risk analysis, vulnerability detection, and approaches to communication and reporting, attendees will navigate the challenges of application security that impact businesses, products, services, and users every day.

Objectives

Be able to identify, exploit and communicate potential threats, risks and vulnerabilities to a vulnerable application

Key takeaways

By the end of this workshop attendees will be able to:

  • Use the STRIDE threat model to identify potential threats to a vulnerable application
  • Identify a range of security vulnerabilities, using exploratory techniques and tools
  • Communicate risk and information about potential vulnerabilities to stakeholders using various means, such as bug reports

Prerequisites – Attendees will need to:

  • Be an admin user on their machine (Mac/PC)
  • Install OWASP Juice Shop – OWASP Juice Shop | OWASP Foundation
  • Attendees can use any method of installation: from source, or a packaged installation via Docker
  • Install OWASP ZAP – Zed Attack Proxy
  • Ideally be familiar with the command line, git, modern browsers and their tools

Access to the tutorial:

The tutorial is available through 2 types of tickets: