Security Checklist For Software Testers?

heather_reid · 4 July 2018 14:02

There’s been a lot of security breaches in the news recently, I guess there always is. The most recent ones being Ticketmaster and Addidas.

I read a blog a while ago about a web developer security checklist. It looks pretty cool! I was wondering if anyone had something like that for software testers? I’m thinking mind maps, checklists, any kind of list like this, we’ll call it the web testers security checklist

There’s obviously the OWASP Top 10 but I’m thinking maybe something a bit less wordy.

heather_reid · 10 July 2018 13:10

Thank you to @danielbilling for this

Some food for thought from Emma

And some great mindmaps from @santhosh.tuppad too

prachijain.me · 10 July 2018 22:59

Hi Heather
I would still rely on OWASP top 10 because that is the first checklist. That list is formed after collecting knowledge from security experts all around the world and with real-world data. We should be testing those 10 things- however, for the understanding of the testers, the text on the website can be simplified- and there are blogs for that. I had a thorough study of it and have tested the list before- it’s truly amazing!

heather_reid · 11 July 2018 09:11

Hi Prachi,

Could you add some of those blogs here? That would be really helpful

prachijain.me · 11 July 2018 20:17

One of the links is:

https://confengine.com/agiledc-2017/proposal/4761/how-to-test-for-the-new-owasp-top-10-vulnerabilities

It is very short and most practical!

motareksamir · 12 July 2018 09:47

Hello ,

Here is a presentation about Web Application Security Testing Essentials , i made it my self a while ago , sorry for the presentation UI i had to remove the branding
https://drive.google.com/file/d/1Mu2ttdPkkyBAzRcVDabUEbMzu4iKW1kQ/view?usp=sharing

I may post a security testing articles on my blog , i will add the links here once posted

Thanks ,
Mohamed

motareksamir · 20 July 2018 12:50

Also i found this document “A Security Checklist for Web Application Design” which may be useful.
security-checklist-web-application-design-1389.pdf (346.0 KB)

pabs616 · 31 July 2018 16:39

I wrote this up last year, following a Test Master’s Conference Workshop I attended regarding Information security, given by @danielbilling, and added my thoughts as it applies to the overall SDLC:

https://severeqa.blogspot.com/2017/01/security-testing-getting-started-by.html

Topic		Replies	Views
Looking for demo web testing applications 🗄️ Archive	7	1263	18 May 2022
Security Testing - Where on earth do you start? 🙋 Questions security , certifications , owasp	16	10495	16 November 2023
Novel testing tools, terms, and techniques 🙋 Questions	17	479	31 January 2024
Security Testing Learning 🗄️ Archive learning , security	13	556	11 June 2021
TestBash World 2022 - Transitioning Into QA: My Shift Left with Brittany Stewart 🪐 TestBash quality , testbash-world	4	422	4 July 2022

Security Checklist For Software Testers?

Related Topics