Alexander Todorov

This talk will focus on security from the point of view of software testers, not security experts. It will focus on tools and areas of testing which are often forgotten and could lead to security vulnerabilities. All of this is nicely peppered with examples from the open source world.

The presentation will cover tools like bandit, Coverity, npm audit and a few more with detailed examples from several open source projects.

It will showcase the fact that software relies on a dependency stack, and that this stack can be much more vulnerable than the software itself. We are going to see examples coming from the dependency stack, combined with tools for automatic dependency updates.

Then we are going to talk about infrastructure, especially testing infrastructure. This often gets forgotten and is not held to the same standards as production infrastructure. Several examples will make it clear what can happen in such a case. After all, our infrastructure is mostly based on open source software.

Key takeaways:

– various tools related to security testing

– application areas which could be tested for security

– examples of when things failed

– more ideas on what to test