The general perception is that only specialists can do security testing. As with many beliefs, that is both correct and incorrect. Security experts are invaluable, and can provide critical guidance on a software product and the total production environment. However, there are many areas of design, implementation and testing that software testers can influence from a security perspective with their current skill sets and a different mindset.
So what makes security testing different? It is about approaching design, development and testing not from the perspective of giving customers functionality they can use, but of expanding what they can't do. It means replacing the idea that users are benign with the idea that users can be very destructive. Happy path testing takes a back seat in the world of security testing.
Because security cannot be treated as something to be done at the end of development, and because you cannot test security into a product, this presentation will do a broad sweep of concepts in the security space. It will not go into full depth on any one topic, but will provide enough information that you can feel empowered to discuss security and how to approach it without being an expert.