In my opinion, not all user stories need security test considerations, so it's important to know when and where to include them for maximum benefit and return on investment (ROI).
Guidelines for Choosing When to Include Security Considerations:
Risk Assessment: Assess the potential risks of each feature or user story to determine whether security testing...
Day 13: Perform a Security analysis for requirements in a story
Let's take a simple requirement/user story and walk through how to perform a security analysis for it. Example User Story: "As a user, I want to upload my profile picture so that I can personalize my account." Step 1: Review the User Story. The user story...
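To make the analysis concrete, here is the kind of control that a security review of the profile-picture story typically produces: the upload handler must not trust the client's declared content type, file name or size. This is an added example written for this page, not code from the original post; the 2 MiB cap, the PNG/JPEG allowlist, the file-name policy and the sample inputs are all assumptions chosen for illustration.

```python
"""
Added example (not from the original post): a minimal validator for the
"upload my profile picture" user story. The size cap, allowed types and
filename policy are assumptions made for illustration only.
"""
import os
import re
import uuid
from typing import Optional

MAX_BYTES = 2 * 1024 * 1024                   # assumed cap: 2 MiB
ALLOWED_TYPES = {"image/png", "image/jpeg"}   # assumed allowlist

# Magic-byte signatures: we decide the type from the bytes themselves,
# never from the client-supplied Content-Type header or extension.
_SIGNATURES = {
    "image/png": b"\x89PNG\r\n\x1a\n",
    "image/jpeg": b"\xff\xd8\xff",
}
_EXT = {"image/png": ".png", "image/jpeg": ".jpg"}

# Constructed sample inputs (not real images), used for the demo below.
PNG_SAMPLE = _SIGNATURES["image/png"] + b"\x00" * 32
JPEG_SAMPLE = _SIGNATURES["image/jpeg"] + b"\x00" * 32
HTML_SAMPLE = b"<html><script>alert(1)</script></html>"


class UploadRejected(ValueError):
    """Raised when an upload fails one of the security checks."""


def sniff_image_type(data: bytes) -> Optional[str]:
    """Return the MIME type implied by the leading bytes, or None."""
    for mime, sig in _SIGNATURES.items():
        if data.startswith(sig):
            return mime
    return None


def validate_profile_picture(data: bytes, declared_type: str, filename: str) -> dict:
    """Apply the checks derived from the user story and return a storage
    descriptor with a server-chosen name. Raises UploadRejected on failure."""
    # 1. Size bounds first, before any parsing: limits resource use.
    if len(data) == 0 or len(data) > MAX_BYTES:
        raise UploadRejected("size out of bounds")
    # 2. Declared type must be allowlisted AND match the real content.
    if declared_type not in ALLOWED_TYPES:
        raise UploadRejected("type not allowed")
    actual = sniff_image_type(data)
    if actual != declared_type:
        raise UploadRejected("declared type does not match content")
    # 3. Never use the client filename for storage. Reject anything with
    #    path separators or ".." (conservatively, any ".." sequence) and
    #    generate a random server-side name with the extension we chose.
    base = os.path.basename(filename)
    if base != filename or ".." in filename or not re.fullmatch(r"[\w.\- ]{1,100}", base):
        raise UploadRejected("unsafe filename")
    stored_name = f"{uuid.uuid4().hex}{_EXT[actual]}"
    return {"stored_name": stored_name, "content_type": actual, "size": len(data)}


def is_accepted(data: bytes, declared_type: str, filename: str) -> bool:
    """Convenience wrapper: True if the upload passes all checks."""
    try:
        validate_profile_picture(data, declared_type, filename)
        return True
    except UploadRejected:
        return False


if __name__ == "__main__":
    cases = [
        (PNG_SAMPLE, "image/png", "me.png"),            # accepted
        (HTML_SAMPLE, "image/png", "me.png"),           # content mismatch
        (PNG_SAMPLE, "image/jpeg", "me.jpg"),           # declared != actual
        (PNG_SAMPLE, "image/png", "../../etc/passwd"),  # traversal in name
        (b"\x00" * (MAX_BYTES + 1), "image/png", "big.png"),  # oversize
    ]
    for data, declared, name in cases:
        print(name, declared, "->", "accepted" if is_accepted(data, declared, name) else "rejected")
```

The point of the example is that each check maps back to a question the analysis should have asked of the story: how big can the picture be, what formats are really allowed, and where does the file end up on disk. Anything not answered by the story becomes an explicit assumption, which is exactly what the review is meant to surface.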
Day 12: Read about security testing and discuss where it best fits in an SDLC
Today's challenge is about exploring security testing and understanding where it fits in the Software Development Life Cycle (SDLC). Security testing is a crucial part of development that helps find vulnerabilities and weaknesses before the application goes live. What is Security Testing? Security testing checks an application for vulnerabilities that could be exploited by attackers...
Day 11: Try to figure out the Posture Assessment for an application
Today's challenge is to conduct a posture assessment for an application. I'm using my work from Day 10 on OWASP Juice Shop with OWASP ZAP as a starting point to demonstrate the concept. In real-life scenarios, posture assessments need to be more comprehensive, but here's an example based on one of the alerts I found...
Day 10: Learning About Ethical Hacking
Day 10 is about learning and understanding ethical hacking. I've always had a vague idea of what it involves, so I used this opportunity to dive deeper. What is Ethical Hacking? Ethical hacking, also known as penetration testing or white-hat hacking, is the practice of testing computer systems, networks, and web applications for vulnerabilities. The goal is to...