The talk will present common methods, and hacks for those methods, to test faster and more efficiently. Pitfalls will be illustrated using real-life mishaps.
- do I test against Dev/Stage/Prod?
- at what point do I test in my project?
- which roles and rights do I test?
- why are the OWASP Top 10 not a good testing basis, but still a great document?
- why are CAPTCHAs a challenge for testing?
- do I test with or without a web application firewall?
- what is horizontal and vertical rights escalation?
Tobias Glemser, Managing Director of secuvera, is a BSI-certified penetration tester and Technical Manager for Penetration Testing. Mr. Glemser is the author of several technical articles in the magazines c’t and iX, among others, and a speaker at seminars and congresses (e.g. OWASP AppSec Germany, DevSec, secIT, Internet Security Days, it-sa). He has published various Security Advisories for vulnerabilities he found himself, e.g. in web applications and IoT devices. Mr. Glemser is chapter lead of the German chapter of the Open Web Application Security Project (OWASP).