We all build applications - and they should be “secure”. At least that’s what it says as an acceptance criterion in our user stories. But what does that actually mean?
And how do I check whether the requirement has been implemented correctly? Usually, the login is clicked through once in the regression test - everything is fine.
The fact that there are many more ways to take such an application apart is usually swept under the carpet. Professionals use a whole range of tools for their penetration tests to test applications for every conceivable security vulnerability. And these tools are of course also available to those who are interested in our secrets and user data in order to blackmail us with disclosure or to turn them into money.
We believe that an understanding of hackers’ methods and tools will help us harden our own applications against them. That’s why we show you a small selection from our toolbox in this QAtalk.