April KWSQA Meeting – Apr 27, Ken De Souza

27Apr2016

From 11:30 until 1:15

TOPIC: the bare minimum you need to know about web application security in 2016

PRESENTED BY: Ken De Souza
 
SPEAKER BIOGRAPHY: Ken De Souza has been in software development for over 15 years, starting as a developer bent on automatically checking everything he built. He is a security enthusiast, currently specializing in exploratory testing and building automated checks, with a passion for delivering high quality software at a rapid pace. He has recently spoken at QA or the Highway 2015, CAST 2015 and Targeting Quality 2015.

Twitter: @kgdesouz
Blog: blog.tkee.org
 
MEETING OVERVIEW: 
Security testing is a huge topic. In the Waterloo region, there are many small companies that are building software. Not all of them have the resources to spend on doing a lot of security testing, yet it is still a requirement. In this talk, we will explore some of the basic things a tester should know about web application security, such as the resources available from OWASP. As part of this talk, Ken will demo the following tools:
- OWASP Zed Attack Proxy
- Microsoft Thread Modeling tool
- Wireshark / tcpdump
- sqlmap (SQL exploitation tool)

Attendees will take away:
- A quick overview of some tools that you can use on a daily basis today
- Resources to learn more about security tes