That was missed by the professional penetration testers and security 'experts'.
Security issues can be identified using the stock-in-trade critical thinking skills of a tester.
Some time ago I had the pleasure of taking part in a security bug hunt for a new financial product. This was a product ready to go to market, a product that had passed all penetration tests and was now being handed to a crowd of external testers for a final attempt to 'hack' the product.
Against all their confidence I was able to 'hack' that product and use funds to which I should not have had access. However, once I reported the vulnerability, I wasn't believed and I was asked to repeat the 'hack' multiple times until the 'experts' believed I was achieving what I was reporting - they simply couldn't believe that their penetration test result was wrong.
Like many security talks, I will tell you all about the tool I used to perform this 'hack'. Unlike many security talks, this is not a tool you can install, rent or purchase, because it's my brain; but your brain is capable of doing the same.
Key Learnings
Talk | Conference | Date |
---|---|---|
Gamification of Software Testing - a bit of fun, or a valuable endeavour | Agile2018 | August 2018 |
Driving quality through servant leadership and critical thinking | National Software Testing Conference 2018 | May 2018 |
Connecting the Dots - Empowering People Through Play | UKStar 2018 | March 2018 |
Do Testers Need a Thick Skin? Or Should We Be Proud of Our Humanity? | Nordic Testing Days 2017 | June 2017 |
Taking inspiration from unlikely sources | European Testing Conference 2017 | February 2017 |
Do Testers Need a Thick Skin? Or Should We Admit We're Simply Human? | TestBash 2016 | March 2016 |