QA or Hacker? - More unites us than divides us
What are our differences?
We need to think like different types of users
Can be difficult to security test in production
Depth of knowledge
Some testers are shallow - on the surface only
What can we learn from each other?
Security isn't such a dark art
Can we shift security left better?
How we can use automation
Hackers / pentesters speaking at QA confs and vice versa
QA aren't responsible for all the bugs
What's the goal?
Attempt to bridge gaps between communities
Testers tend to find security intimidating
Try and show that bugs aren't just because of poor QA
How can we shift security left?
What do we have in common?
We want to break stuff / prove it's broken
Hackers / red team want to find a way in
People think issues happen because of poor QA
Pentesters miss stuff too!
Environment / infrastructure
We both find the risks
We're both concerned with human behaviour
Users will never do that?
If they can they likely will
People keep saying tools will replace us
Tools can support us
We can build our own tools?
Exploration / investigation
We use information discovered to guide our testing