
WeTest Workshop - Security isn't scary

  • May 23, 2013 · 5:30 PM

Security is an important topic, and is now regularly in the news, so testers have to be aware and diligent in this area. Reading security documentation makes it seem like only gurus can understand vulnerabilities. In fact, not all aspects of security are hard; you may even have found security defects without knowing it (and may or may not have picked their severity correctly!).

Dave hopes to break some of the misconceptions around security testing and give us a few new skills and some confidence in identifying security issues. He'll also discuss when security testing should occur in the project and who should do it.

How does the workshop work?

After the presentation we enter "Open Season" and attendees are encouraged to discuss, question, challenge, and share ideas on the topic. Participation is expected, so come prepared to contribute! Structure and facilitation will follow the same format as KWST and is best described in the following link - http://adam.goucher.ca/?p=234

Will there be food and drink?

Yes. This workshop is free of charge thanks to sponsorship from Assurity and includes pizza, beer and non-alcoholic beverages.

What time does it finish?

Doors open at 5.30pm. The first session runs 5.45pm - 6.45pm, then a 15 minute break for pizza, followed by a second session from 7pm - 8pm.

How do I attend?

RSVP for the event. Numbers are limited to the first 20 participants, but if you're keen please add yourself to the waiting list. We often get a big waiting list that disappears closer to the time, as attendees drop out due to schedule conflicts or illness. Testers of all experience levels welcome.

 

 


  • Dave

    1 · May 28, 2013

  • Dave

    Thumbs up on the venue, it works well.

    May 24, 2013

  • Tony

    A good introduction to my first workshop. My only gripe is that the pace was a bit slow and there was sometimes repetition of threads/discussion points.

    May 24, 2013

    • Dave

      Never be afraid of the rat hole card.

      1 · May 24, 2013

    • Aaron H.

      Thanks for the feedback. We'll keep that in mind in future, and as Dave said, don't be afraid of the purple card if you feel like the current discussion isn't valuable, or moving too slowly.

      1 · May 24, 2013

  • Tony

    Enjoyed my first WeTest Meet Up - heavy duty! That said, will definitely be back for more :)

    May 24, 2013

  • Dave

    Thanks for everyone turning up last night. Hopefully you all had something to take away from the session.

    That bit where you end talking and wait for a new thread card and then some same thread cards to pop is awfully nerve-racking. But given the red cards there was some passion there last night.

    Some Links:
    * 2013 OWASP Top 10 - https://www.owasp.org/index.php/Top_10_2013
    * OWASP Cheatsheets - https://www.owasp.org/index.php/Cheat_Sheets
    * CVSS Common Vulnerability Scoring System - https://en.wikipedia.org/wiki/CVSS
    * MS Secure Development Lifecycle. A framework for running a secure lifecycle - https://www.microsoft.com/security/sdl/default.aspx

    Meetups
    * OWASP looks at Web Security topics - http://www.meetup.com/OWASP-New-Zealand-Chapter/
    * ISIG general security topics and varies a lot - https://isig.org.nz/

    2 · May 24, 2013

    • Tony

      Hi Dave. Thanks for hunting out and posting the cheat sheets here. Will definitely check them out. Cheers

      May 24, 2013

  • Julian A.

    A good session with some robust discussion. Security is always a tough topic and as the sole non-tester present, I learnt a lot thanks to the facilitated discussion. Thanks everyone and sorry I had to leave early but I stay out in the boonies of Upper Hutt and trains are somewhat unreliable as of late.

    May 23, 2013

  • Donovan

    Damn. Going to have to cancel this one

    May 23, 2013

  • James 'Jimbo' H.

    Apologies - I've got to work late tonight; have fun :)

    May 23, 2013

  • A former member

    Yeah..I am off waiting list... :)

    May 22, 2013

  • Oliver

    Sorry too much on. :-(

    May 22, 2013

  • A former member

    Won't be able to attend, sorry.

    May 22, 2013

  • Andy H.

    Sorry, can't make it any more.

    May 21, 2013

  • John M

    Hope to join this one!

    April 29, 2013

  • James 'Jimbo' H.

    Can we get a tech demo please? Perhaps pointing WebInspect @ a target test website and give it a good going over?

    1 · April 23, 2013

    • Katrina C.

      We should definitely run a practical tips thread of discussion where everyone shares the common security tests they run (the low hanging fruit). We weren't intending to set up a technical demo though.

      1 · April 23, 2013

    • Dave

      For those looking at the more technical/demo side, OWASP NZ has started up again http://www.meetup.com... Their next meeting (the day before this one) currently doesn't have a topic, but in the past they have gone through the OWASP Top 10, secure password reset procedures, walk through of BEEF, etc. Also on the last Thu of each month there is ISIG https://isig.org.nz/ which is also worth a look for the technical side.

      April 29, 2013

  • Mike T.

    Oops - just remembered my brother is over from the UK, so can't make it!

    April 22, 2013

    • Mike T.

      Oooh ... I stand corrected! ;-)

      April 23, 2013

    • Damian G.

      Technically not *all* of the bar tab, but that was mainly due to my greed.

      April 23, 2013

  • Paul D.

    I've heard these sessions are good value so count me in

    April 22, 2013

  • Venkat M.

    Count me in

    April 22, 2013

  • Tony

    Will there be anything covering testing for javascript vulnerabilities? Hope there could be :)

    April 22, 2013

    • Dave

      WeTest is more of a discussion amongst peers than a presentation, so I don't envision going into the deep how tos.

      April 22, 2013

    • Dave

      Have a read of http://adam.goucher.c... that goes into how it will be run.

      April 22, 2013

  • Aaron H.

    Definitely interested to hear how I as a non-specialist security tester can add value by identifying threats to security

    April 22, 2013

  • Donovan

    Will be there.

    April 22, 2013
