About the Talk
Important part of non-functional testing is security for sure. We will start by writing security related non-functional application requirements and answer the question how to write security related requirements that make sense.
The second question that we will answer is how to help developers in fulfilling those requirements, and how to later check if the requirements are fulfilled. We will cover everything form white box to black box testing, including penetration testing, and code inspection/review. Of course, we will cover the most important free documents and tools available that can help you define and test security requirements.
About the Speaker
Vlatko Košturjak works as a information security consultant for Europe, Middle East and Africa (EMEA) where he helps clients in reaching desired security level. Vlatko specialized and certified in security and “ethical hacking” or penetration testing, business continuity, increasing information systems security levels, and development and monitoring ISMS according to international standards including ISO/IEC 27001. He is also authorized by PCI SSC to perform PCI QSA security audits of organizations processing credit card information conforming to PCI DSS.
Vlatko have experience in security for more than a decade. He is author of many papers and tools in security field, active member of OWASP (open global organization for application security) and author of OWASP projects. Vlatko also actively develops and contributes to open source software. For example, Snort, Nessus, nmap, w3af, Metasploit and OpenVAS contain code written by his hands. And for those believing only in certificates, here is a few abbreviations:
CISSP, CISA, C|EH, MBCI, Security+…