An Exploratory Tester's lessons on Security Threat Modeling

Key takeaways
  • How exploratory testing and security design interconnect
  • How threat modeling and exploratory testing work
  • What examples from live projects teach us

As an exploratory tester, one works in the world of empirical evidence to break illusions. For closely-knit teams working in an agile fashion, threat modeling becomes a security-aware project's go-to tool for identifying the tasks needed to address, mitigate and accept aspects of security.

In this talk, we look at lessons on combining exploratory testing and security threat modeling into a pair that is stronger together. We look first at the models threat modeling is based on and how those are, in practice, generated, amended and corrected through exploratory testing. Then we look at the threats identified, and how exploratory testing can help understand and mitigate them.

There's a lot of depth to the types of problems our applications can have. It turns out that learning in layers, and assuming there is always another layer to peer into, is a great approach for both threat modeling and exploratory testing. What are the things that really block the convergence of functional and security testing?
