Given that about 94% of all vulnerabilities reported in the first half of 2008 targeted applications, rather than operating systems it appears that application development and testing needs some help and guidance to improve the security of their software products. The purpose of this presentation is to give QA Analysts some simple things that they can do to improve the overall security of their product. In this presentation we will do an exercise in 'evil thinking', a brief introduce to Threat Modeling as a means to determine where security testing is most needed, and various security testing techniques and tools, all of these should be easy to include in your existing project and will hopefully give QA Analysts the largest increase in improved security testing for the smallest investment in time and effort.

( PDF )