I gave a talk at the Security B-Sides in London entitled "Randomness: Too Important to Leave to Chance". You can catch it on YouTube now.
I gave a video interview on Risk Based Security Testing.
I'll be speaking at Software Test & Performance in Boston in October 2007.
I'll be speaking at STAR WEST 2007 doing my typical 1-day tutorial: Risk Based Security Testing.
Software security testing is a key element in your quality assurance strategy for protecting your applications and critical data. Organizations need applications that not only work correctly under normal use but also continue to work acceptably in the face of a malicious attack. Software security testing, which extends beyond basic functional requirements, is a critical part of a secure software development lifecycle. By teaching you how to use security risk information to improve your test strategy and planning, Paco Hope helps you build confidence that attackers cannot turn security risks into security failures. The goal is to teach you to think like an attacker and add test cases for non-functional—and sometimes implied—security requirements. Explore a white-box approach that looks inside your code to help you design your tests. By employing risk-based security testing, you can achieve the most benefits with less effort and avoid downstream security problems and mitigation costs. Paco offers an eye-opening experience for all QA professionals responsible for test strategies, plans, and designs. It will change the way you think about test development.