When CEO's Tesla car is parked just in front of the office and a QA is nearby, he just needs to check how "everything" works. Give him access to the car key and he can start "testing". Actually, not even a key but a mobile app that can be used instead. The Tesla app gives you access to information such as state of battery charge or the vehicle's location. It also allows you to operate the air conditioning, honk the horn, open the trunk, or even unlock and start the car. It may seem that with such great number of features available the app should be as secure as Fort Knox. Far from it! During the presentation you will see that security isn't just a technical matter and even a correct implementation won't be secure if there is a flaw in security design.
Insecure by design
Язык доклада: Английский Сложность: All levels
Senior QA Engineer, Boldare