My journey into a QA Security Mindset continues with learning about Information Disclosure vulnerabilities. If you would like to see how this journey started, you can go to my first post here. I learned about information disclosure by seeing an example of a real bug. It was the exposure of…

Intro In my previous blog post, I discussed the first vulnerability that I learned about in my journey to a QA security mindset — IDOR. If you have not yet read the post, you can find it here. While the IDOR vulnerability felt more intuitive and easy to test, I…

Intro IDOR was the first web security vulnerability that I learned and tested. Why did I start with this vulnerability? Why did it amaze me after I learned it? …

Thanks for joining me for my second post in this QA Security Mindset series! For this blog post, I will focus on the steps I took to create an automated solution for testing website vulnerabilities. If you haven’t read my first post, you can find it here! Gather Information When I started…

How it all started I remember that it started with: “We want to have centralized ownership in our QA group to lead and specialized in the security niche”. After all, software engineers in Dev and test need to be security minded in their profession. I responded “Sounds very interesting. But you know that I…