Lisi Hocke
@lisihocke@mastodon.social  ·  activity timestamp 2 months ago

"How Accessibility is Security" by Ina Tsvetkova and Jaunita Flessas #AgileTD #sketchnote

Sketchnote of "How Accessibility is Security" by Ina Tsvetkova and Jaunita Flessas at Agile Testing Days 2025

Two sketch figures with speech bubble: "People tend to think accessibility is only for disabled folks - yet we live in a world of accommodations. Like chairs, lights, etc."

Accessibility and security share a common goal: protecting users: from being excluded, from external threats

Insight, circled like a cloud: If security measures are not accessible they fail

MFA assumes you even have a second device

Captchas are not accessible for blind users

Challenges are tricky for cognitive impairments

What if you don't have fingerprints?

The European Accessibility Act requires accessible authentication

Insight, framed: If you don't provide alternatives you're locking out a whole group of people

People with disabilities are often targets in frauds

They often have to trust others

We all face disabilities

Security often fails to take into account user difference

Insight, circled like a cloud: Accessible security principles, list of five points:

1. Accessibility for all
2. Privacy by default
3. Inclusive authentication
4. Cognitive load reduction
5. Equal recovery and revocation

Insight, framed: Let's make things secure by inclusion

Sketchnote author: @lisihocke@mastodon.social
Lisi Hocke
@lisihocke@mastodon.social replied  ·  activity timestamp 2 months ago

"Dark OSINT: I know where you live" by Kristof Van Kriekingen ( @0xKristof) #AgileTD #sketchnote

Sketchnote of "Dark OSINT: I know where you live" by Kristof Van Kriekingen at Agile Testing Days 2025

Sketch figure with speech bubble: "OSINT focuses on publicly available and legally obtainable information" 

It takes no time to find information on someone

Insight, circled like a cloud: "Sock puppets are fake online profiles - for protection and to view more content"

Google dorks reveal a lot of information: backups, configs, logins, pen tests, salaries, secrets, ...

Face search engine e.g. PimEyes

Insight, circled like an explosion: Your life is online

Even if you're careful, others share information about you

Two photos were enough to get a musician found, robbed and killed

Username searches can reveal other accounts

Human recon, but also corporate recon

Don't use your business email for fun accounts

Breached data on dark web forums for sale

You can access the dark web using Tor - start with the hidden wiki

Caution: it's not a happy place

Insight, circled like a cloud: Dark web and OSINT? Hunt pedophiles, find missing people

We gather intelligence, not evidence and report to authorities: location, photo of hands to get fingerprints

Insight, framed: beware of what you share online

Sketchnote author: @lisihocke@mastodon.social
Lisi Hocke
@lisihocke@mastodon.social replied  ·  activity timestamp 2 months ago

"Testing Transparently" by Elizabeth Zagroba ( @ez) and James Lyndsay #AgileTD #sketchnote

Sketchnote of "Testing Transparently" by Elizabeth Zagroba and James Lyndsay at Agile Testing Days 2025

Two sketch figures in front of a laptop with speech bubbles: "With two people you may discover new paths" - "Let's test this together transparently"

Practice app to generate crosswords

Voicing what they want to do and what they do

What are you responding to?

Observing oddities

I wonder if we would have a smaller grid...

If we do this, I'm expecting that...

Oh! It did something surprising

Oh, I don't like that...

Notes: good things, questionable things, hopes and dreams

Voicing hypotheses and testing them

Would users want this?

Asking the audience we found even more excitingly weird things

We can use tools to explore! Bookmarklet to populate and generate grids, DevTools to check test coverage

Insight, circled like a cloud: You can build and ask for tools

As we're exploring we're developing judgment what success looks like

Insight, circled like a cloud: Exploratory testing can uncover a lot. Collaborating is fun and effective. Show your work publicly and openly.

Insight, framed: New paths need new people

Sketchnote author: @lisihocke@mastodon.social
Lisi Hocke
@lisihocke@mastodon.social replied  ·  activity timestamp 2 months ago

"The Agentic AI World is Already Here... Are You Ready?" by Martin Hynie #AgileTD #sketchnote

Sketchnote of "The Agentic AI World is Already Here... Are You Ready?" by Martin Hynie at Agile Testing Days 2025

Sketch figure with speech bubble: "I have no idea what's going on on the machine learning side of our company... got transferred and ChatGPT came out"

How do we even test that?

"Let's throw ChatGPT at it and see what it does" - terrifying

Come up with a testing strategy - but for what?

What are the sorts of biases that come into it?

The LLM would defer information

Built a risk map

Guardrails were often too restrictive

"Just give us a test plan" - but we're just playing around

People want to see something to increase their confidence

Insight, circled like a cloud: "We're often rather an uncertainty coach - offering a sense of calm"

We depended on prompt engineering to augment capabilities

LLM gave horrible response - shut down quickly

Built tool to evaluate LLM

Partnered up with legal - worked surprisingly well - worries LLM made something up, misleading

Insight, circled like a cloud: "Hallucination" is such a misnomer - it's statistical interpretation of the prompt, confabulation

Used automation to detect those conversations a human needs to look at

Discovered another team building the same solution... you need to advocate for your work

Insight, framed: Ask better questions. Design for observability. Split systems into the slides.

Sketchnote author: @lisihocke@mastodon.social