the security issue that killed a financial product launch (that was missed by the professional penetration testers and security ‘experts’)

https://www.agiletestingdays.com https://twitter.com/nicolasedgwick http://www.nicola-sedgwick.com

crowd

Photo credit Rob Curran on Unsplash

crowd - bounty

Image credit https://internetbugbounty.org/

crowd - reward

Photo credit Christian Dubovan on Unsplash

crowd - professionals

Photo credit Hello I'm Nik on Unsplash

story

Photo credit Sharon McCutcheon on Unsplash

story - ethics

Photo credit Cristian Newman on Unsplash

story - vulnerable

Photo credit Mihály Köles on Unsplash

challenge

Photo credit Luke van Zyl on Unsplash

challenge - shopping

Photo credit rawpixel on Unsplash

challenge - practicalities

Photo credit Fancycrave on Unsplash

challenge - reputation

Photo credit Jon Tyson on Unsplash

challenge - competition

Photo credit Patryk Sobczak on Unsplash

situation

Photo credit Matt Botsford on Unsplash

situation - owasp

credit https://www.owasp.org

situation - tools

Photo credit Adam Sherez on Unsplash

situation - understanding

Photo credit John Carlisle on Unsplash

analysis

Photo credit Luke van Zyl on Unsplash

analysis - protested

Photo credit Robert Hickerson on Unsp

analysis - impenetrable

Photo credit Ben Hershey on Unsplash

analysis - landscape

Photo credit Luo Lei on Unsplash

analysis - maze

Photo credit Wim Arys on Unsplash

analysis - sense

Photo credit Vladislav Klapin on Unspla

hacking

Photo credit Markus Spiske on Unsplash

hacking - vulnerability

Photo credit Hans-Peter Gauster on Unsplash

hacking - system

Photo credit rawpixel on Unsplash

hacking - transmission

Photo credit Jack Price-Burns on Unsplash

hacking - breach

Photo credit Ben Hershey on Unsplash

disbelief

Photo credit Jonathan Hoxmark on Unsplash

disbelief - halt

Photo credit Kai Pilger on Unsplash

disbelief - denied

Photo credit B J on Unsplash

disbelief - perhaps

Photo credit Mike Wilson on Unsplash

repetition

Photo credit Tine Ivanič on Unsplash

repetition - footsteps

Photo credit eberhard grossgasteiger o

repetition - payments

Photo credit Ales Nesetril on Unsplash

advice

Photo credit Melinda Gimpel on Unsplash

advice - trouble

Photo credit Ye Jinghan on Unsplash

advice - gifts

Photo credit freestocks.org on Unsplash

realisation

Photo credit Jez Timms on Unsplash

realisation - broken

Photo credit Stephanie Watters Flores on Unsplash

outcome

Photo credit Taskin Ashiq on Unsplash

outcome - bounty

Photo credit Brian Mann on Unsplash

summary

  1. this is not an isolated situation
  2. tools assist testing; tools don’t test
  3. think critically during design
  4. always return to the beginning

takeaways

• You already have the skill you need to find security issues … your brain!
• Critical thinking skills are perfect for locating security problems.
• Engage security assessment as part of architecture planning and throughout development.
