Is site security QA's problem too?!
Hi everyone, I can't wait for fall and the StarWest testing conference in Anaheim! I'm so psyched to be presenting "QA Techniques for Identifying Workflow-Based Security Defects" in what will hopefully be one of the better talks of the week. I've been promising many of you an explanation of why QA and IT Security cannot live without each other, as it pertains to web app security, and I aim to deliver.
This talk will be heavily focused on the reasons why IT Security still fails in many instances to find serious web application security defects - and what the Quality Teams can do about it. How about that... identifying security as more than just "security's problem" - it's an enterprise-wide problem that bleeds very much over into the QA testing organization. The days of the security teams doing "scans" and pitching the results over the cubicle wall to the developers are long, long over (were they ever really here?) and the days of collaborative defect mitigation throughout the application lifecycle are here. Come listen and learn some of the techniques that the QA testing teams can use to identify security-based defects in web applications, and understand why it's not just security's problem anymore.
But wait! There's more! Just in case you're thinking to yourself... sure, I'd love to go but I don't think I have the travel budget - there's a discount code yours truly has gotten made up just for you, my readers! Simply follow the instructions below - and I'll see you in Anaheim at StarWest.
Simply click this link: ( http://www.sqe.com/go?SW09Rafal ) and enter the code SWRL to get your discount...
Here's the abstract - just to get you psyched up too!
"Workflow-based web application security defects are especially difficult on enterprises, because they evade traditional, simple, point-and-scan vulnerability detection techniques. Understanding these defects, and how/why black-box scanners typically miss them is the key to creating a testing strategy for successful detection and mitigation. Rafal Los describes the critical role that application testers play in assessing application workflows and how business process based testing techniques uncover these flaws. Rafal demystifies the two main types of workflow based application vulnerabilities: business process/logic vulnerabilities and parameter-based vulnerabilities. As the complexity of web applications continues to increase, learn how to adjust your testing strategy to make sure you don’t miss these unique types of defects."
Posted 07-06-2009 6:15 PM by RafalLos