Detective Work for Testers: Finding Workflow-based Defects

Rafal Los, Hewlett-Packard Application Security Center

Workflow-based Web application security defects are especially difficult on enterprises because they evade traditional simple point-and-scan vulnerability detection techniques. Understanding these defects, and how and why black-box scanners typically miss them, is the key to creating a testing strategy for successful detection and mitigation. Rafal Los describes the critical role that application testers play in assessing application workflows and how business process-based testing techniques uncover these flaws. Rafal demystifies the two main types of workflow-based application vulnerabilities: business process/logic vulnerabilities and parameter-based vulnerabilities. As the complexity of Web applications continues to increase, learn how to adjust your testing strategy to make sure you don’t miss these unique types of defects.

Upcoming Events

Sep 22
Oct 13
Apr 27