Auch in diesem Jahr organisieren wir einen CAST-Workshop zum Thema „Sichere Software entwickeln“. Der Workshop findet am Donnerstag, dem 10. November 2016 am Fraunhofer-SIT in Darmstadt statt. Am Vorabend laden wir zu einem Get-Together ein. Das Programm und alle weiteren Informationen zum Workshop findet Ihr hier: https://www.cast-forum.de/workshops/infos/227.
P.S. Jetzt haben wir auch einen Flyer zum Ausdrucken und Verteilen.
[Get only posts in English]
The Sectest08 workshop, which I attended today, was of typical workshop size, so my plan to use the flipchart rather than PowerPoint did work out well.
The Keynote speaker, David Litchfield, gave a pretty good introduction into the kind of security testing that he is doing—bug-hunting of various kinds. He included a live presentation of format string vulnerabilities, presented the notion of surety for what might be missed by the too formal approaches to security and described security testing as exploring interesting avenues and evaluating implications. His talk pretty much covered the issues and topics of my own world of security testing. He embraced the idea that (this type of) security testing might be an art, claiming that the bug-hunting type of security testers were often also into artistic activities such as painting or photography and that teams of testers would work best if they included scientific and artistic types of persons. Continue reading What is security testing?