Any application exposed to the internet will be attacked, and the earlier in the development cycle you find vulnerabilities, the better. This talk is aimed at the typical SQA engineer who wants to start doing security testing of web applications with tools such as ZAP, Burp and Fiddler.
First, Aleksey will walk through the Top 10 vulnerabilities with examples such as XSS, IDOR and SQL injection, and show how SQA engineers can test for them and which methods they can use. He will go into how SQA can test both manually and automatically, how to manage the process, how to run it continuously, and how to review the findings.
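Two of the vulnerability classes named above, SQL injection and IDOR, are small enough to show side by side as a vulnerable handler and its fix. The block below is an added example written for this page, not the speaker's material; the in-memory SQLite schema, the user and order rows, and the `login_*` / `get_order_*` function names are all constructed here for illustration. It demonstrates the check an SQA engineer would automate: send the classic `' OR '1'='1` login payload and a foreign order id, and assert that the hardened code rejects both while the vulnerable code does not.

```python
import sqlite3


def build_db():
    """Constructed sample data (not from the talk): two users, one order each.
    Passwords are stored in clear text only to keep the example short."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, password TEXT)")
    conn.execute("CREATE TABLE orders (id INTEGER PRIMARY KEY, user_id INTEGER, item TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)",
                     [(1, "alice", "s3cret"), (2, "bob", "hunter2")])
    conn.executemany("INSERT INTO orders VALUES (?, ?, ?)",
                     [(100, 1, "laptop"), (101, 2, "phone")])
    return conn


def login_vulnerable(conn, name, password):
    # SQL injection: user input is concatenated into the statement, so a quote
    # in the password field rewrites the WHERE clause.
    sql = f"SELECT id FROM users WHERE name = '{name}' AND password = '{password}'"
    return [row[0] for row in conn.execute(sql)]


def login_fixed(conn, name, password):
    # Parameterised query: values travel separately from the SQL text and can
    # never be parsed as syntax, whatever characters they contain.
    sql = "SELECT id FROM users WHERE name = ? AND password = ?"
    return [row[0] for row in conn.execute(sql, (name, password))]


def get_order_vulnerable(conn, current_user_id, order_id):
    # IDOR: the record is fetched by id alone; the caller's identity is ignored,
    # so any authenticated user can read any order by guessing its number.
    row = conn.execute("SELECT item FROM orders WHERE id = ?", (order_id,)).fetchone()
    return row[0] if row else None


def get_order_fixed(conn, current_user_id, order_id):
    # Ownership is part of the lookup: a foreign order id simply does not match.
    row = conn.execute("SELECT item FROM orders WHERE id = ? AND user_id = ?",
                       (order_id, current_user_id)).fetchone()
    return row[0] if row else None


def run_checks():
    """The automated check an SQA engineer would script: same inputs against
    the vulnerable and the hardened code paths."""
    conn = build_db()
    payload = "' OR '1'='1"          # turns the WHERE clause into ... OR '1'='1'
    return {
        "sqli_vulnerable": login_vulnerable(conn, "alice", payload),   # [1, 2]: every user
        "sqli_fixed": login_fixed(conn, "alice", payload),             # []: no match
        "idor_vulnerable": get_order_vulnerable(conn, 2, 100),         # bob reads alice's order
        "idor_fixed": get_order_fixed(conn, 2, 100),                   # None
    }


if __name__ == "__main__":
    for name, result in run_checks().items():
        print(f"{name}: {result!r}")
```

The same pair of inputs is what a manual tester types into a proxy like ZAP or Burp; scripting them as assertions is what turns a one-off finding into a regression test that can run on every build.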
The speaker will demonstrate ZAP and Burp: what functions they offer and how they help in testing. He will also give an overview of some of the more advanced features and explain how they can be used for more complex security testing, and which kinds of issues they can catch.
Aleksey will also touch on API testing: why it has become important, how to do it and which tools can be used. He will say a little about the market and what kind of tools teams can buy. Along the way, the speaker will show examples of security flaws and ask the audience whether they can spot them.
At the end, you will see a sample security testing checklist.