Ask Me Anything: Security Testing

Our latest “Ask Me Anything” had the very talented @danielbilling talking all things security testing :tada:

Dan has done many workshops for security testing at various MoT and other events. He’s even summarised the questions he often gets asked in these workshops: The Most Common Web Application Security Testing Questions.

If we didn’t get to your question tonight, why not ask it here? Maybe you’re catching up on the Dojo and have thought of some more questions, or follow-up ones to those answered by Dan tonight. You can ask them all here :slight_smile:

TestSphere wasn’t around when Dan got into security testing but it was recommended tonight as a good place to start. He’s even used it in some workshops!

Dan talked about input fields and potential places for security risks which reminded me of these posts: How to Test a Text Field & How to test error messages.

Have some evil user personas: Setting up and using testing personas.

Safe sites to practice testing on (includes security testing safe places)


Good evening. If anyone wants to follow up with me now, tomorrow or going forward you can ask me here, find me on Twitter or on the MOT and Testersio Slack channels.

This is the talk I mentioned by the awesome Keren Elazari:

One of the questions we didn’t get to answer was “What’s the most worrying real-life security vulnerability you’ve read/heard about?”

To answer that question, it was this:

An organisation that deals with any sensitive data, particularly data belonging to those who can’t advocate for their own security, like children, has a responsibility to take care of that data. VTech failed at this in the most terrifying fashion.

Also, I’m pretty scared by security flaws with weapon systems and power stations.

A great book on threat modelling! Check it out!

