Domo Arigato, Mr. Roboto - Security Robots a la Unit-Testing

Black Hat via YouTube

Overview

Explore security testing methodologies and challenges in this Black Hat conference talk. Delve into the difficulties faced by both security and development industries in identifying vulnerabilities in custom code. Learn about current security tools, their weaknesses, and costs. Discover the potential of unit testing frameworks for security testing, including inoculating applications, maintaining functional states, and ensuring consistent responses. Gain insights from lessons learned, such as the complexities of math in security, developer knowledge, and identifying endpoints. Examine real-world examples of security payloads, encoding problems, and test generation techniques. Witness a demonstration of innovative approaches to security testing that bridge the gap between development and security practices.

Syllabus

Intro
Mr Roboto
Why Security Unit Testing
Flaws not exploits
Quantum Security BOTS
Agenda
Current Security Tools
Static Tools
Dynamic Tools
Weaknesses
Costs
UnitTesting Frameworks
Average Number of UnitTesting
Lack of UnitTesting
Java Spring
.NET
Django
Summary
Testing frameworks
Inoculating the application
Functional application
Authentication state
Consistent responses
Accessing HTML
Lessons Learned
Math is Hard
Developers Know Better
Identifying End Points
Chuck Norris
Sputter
Security payloads
Storytime
Admin Code
Single Character
XSS payloads
Encoding problems
Popup button
Random characters
Regice expression
Demo
Test Generation 4

Taught by

Black Hat
