Site Updates/What's New
The site is now live! This site is a work in progress and I'm essentially going to add new sections/documents to this site monthly
until it's completed. Below is a list of the latest changes to the site.
Changes By Date:
* Tracking and understanding security related defects: Useful data points for shaping your SDLC program (1/11/11)
* Setting the appropriate security defect handling expectations in development and QA (6/15/09)
* The business case for security frameworks (4/23/07)
* Using Fuzzers in Software Testing (2/2/07)
* Writing Security Test Cases (1/5/07)
* Identifying Risks in the Development Cycle (10/18/06)
Welcome to QASec.com! Besides traditional testing checking for errors, seeing if the product conforms to the spec'd out requirements, and seeing that it 'just works', it's important to implement security testing into the QA cycle to eliminate potential vulnerabilities before the product goes into production. By identifying and classifying the risks of these security 'bugs' you can reduce the cost of repairing it, as well as reduce public exposure to it.
I've created this site for other Software Testers to read up on how to implement security checking into their cycle. Most of the material that you'll see comes from the Penetration Testing world (Post Production Security Review) although has a unique spin to relate this to professional software testers. As someone who has performed in both duties it is easy to see just how alike Penetration testers,Quality Assurance Engineers, and hackers are in the way they implement 'testing' of an application. All site articles are meant to be short and to the point.