Security testing: a superpower we can all have

SafeStack News
Written By The SafeStack Team

We're excited to launch our newest SafeStack course today: Security Foundations for Software Testing.

Whether it’s used to prevent crime, make applications less complex, or create safer and more secure products, the benefits of security testing far outweigh the time it takes to integrate it into your development lifecycle.

But we know it does take time — so this course is designed to make bringing security into your testing practice more achievable.

Toni James shares her experience with software and security testing, along with some highlights from the course.

Software testing, security testing, and how they fit together

When I started my journey into software development, I had no idea software testing was a career path. I only found out software testing existed as a job title when I started my internship as a software engineer.

Ironically, most of the sprints we did during that internship focused on software testing and development improvements — otherwise known as bug fixing.

A ninja and a unicorn collaborate at a whiteboard

As interns, we had the time and the capacity to take on many of the backlog bug issues that would help improve the product. I was also amazed at the range of software testing titles and job descriptions, from technical to business quality assurance testers. It opened my eyes to a whole new aspect of the software industry.

If I'd known software testing was an option, I probably would have taken that route. Once I learned more about testing, it became my favorite part of the development process. I loved planning, creating test cases, following functional testing scenarios, and, of course, my favorite part: exploratory testing, which I did a lot of as an intern. Around the time I realized software testing was a thing, I also learned about software security. In my beginner’s mind, I thought everyone who worked in testing knew about security, and everyone who worked in security knew about testing. I've since learned that's not the case.

What is security testing, and why is it important?

A quick Google search for security testing will typically show you penetration testing (just one form of security testing), or advertising for automated security testing tools. But there's more to it than that.

Just like we do software testing to check that the software is working as expected, we do security testing to determine if the software can be misused or exploited to make it do something it shouldn’t.

Examples of this could be giving you more data or access than you should have or making systems unreliable or unavailable. So, how, as a tester, do you learn to build security into your routine?

A ninja and a unicorn are doing science in a lab. There is a board behind them with schematics for a robot.

That's a lot harder to find out about. This is why we're excited to launch our newest SafeStack Development course, Security Foundations for Software Testing. We understand your time is limited, and we want to make it as easy as possible to learn about security testing and bring it into your software development lifecycle with the time you have.

About our Security Foundations for Software Testing course

This course covers security testing and how to integrate it into every aspect of the software development lifecycle. Covering a range of critical areas, in this 1.5-hour course, you’ll learn how to: 

  • Build a solid security testing foundation through concepts, terminologies, and ways of thinking that may be new to you.

  • Understand the value of security testing and see where it can fit into the software development lifecycle.

  • Review some common types of security testing, when they should occur, who should be involved, and what tools can help.

  • Identify different challenges and strategies that you can use to create test cases to help you test functionality for security weaknesses.

  • Identify techniques for actioning your test outcome and working as a team to find solutions.

Who is this course for?

This course is for anyone who wants to build in security testing throughout their entire software development lifecycle. It's a foundational course introducing the concepts and the information needed to perform manual security testing across any application. Access this course by becoming a member of SafeStack Development.

What do you get with a SafeStack membership?

Our program is flexible for all levels and team sizes, with no minimum seat requirements. You'll get world-class training content designed by experts at a budget-friendly price.

In addition to our Security Foundations for Software Testing course, you'll get access to our existing Security Fundamentals for Software Development, Finding and Fixing Web Application Security Vulnerabilities, and Threat Assessment for Software Development courses, plus new courses added quarterly. You also get these neat benefits:

  • Monthly online seminars hosted by the SafeStack team on various application security topics are designed to connect you with a community of like-minded folks.

  • Online office hours offer a chance to talk with our team about what you’re learning or any secure development challenges you’re working through.

  • Access our hands-on labs to explore concepts and test your knowledge.

  • Digital badges to recognize and share what you've learned.

The SafeStack Team
Previous

20 years of OWASP: Beyond syntax