Free bugs – maxing out your test plan using security flags and tools
Training or recruiting security experts is hard and often does not scale, so we must find a way to empower existing validation teams to run security tests. A lot of effort goes into training validation teams in security and into deepening test plans with new security-related tests. But this process is lengthy, and the results are usually not sustainable over time.
Another approach, which I want to present here, is to empower existing test plans using security compilation flags and security debug tools, so that the same tests the validation team already executes produce new results. This methodology is much easier to implement, and often gives great and immediate results.
This methodology is based on successful steps we took in the team I work with.
Security team manager since August 2018.
MBA & BSc in computer science from the Hebrew University in Jerusalem.