QA or Hacker? - More unites us than divides us
What do we have in common?
We're both concerned with human behaviour
Users will never do that?
If they can they likely will
Antagonist approach
We want to break stuff / prove it's broken
Hackers / red team want to find a way in
We both find the risks
Technical knowledge
Architecture
Code
Environment / infrastructure
Thankless
People think issues happen because of poor QA
Pentesters miss stuff too!
Automation
Tools can support us
We can build our own tools?
People keep saying tools will replace us
Exploration / investigation
We use information discovered to guide our testing
What are our differences?
We need to think like different types of users
Can be difficult to security test in production
Depth of knowledge
Some testers are shallow - on the surface only
What can we learn from each other?
Security isn't such a dark art
Can we shift security left better ?
How we can use automation
Hackers / pentesters speaking at QA confs and vice versa
QA aren't responsible for all the bugs
What's the goal?
Attempt to bridge gaps between communities
Testers tend to find security intimidating
Try to show that bugs aren't just because of poor QA
How can we shift security left