QASec.com - Software Security Testing in Quality Assurance and Development

'Secure Development Lifecycle' Tagged Posts

Tracking and understanding security related defects

Useful data points for shaping your SDLC program

By Robert Auger 1/11/11

If you work in infosec for a large organization, it can be difficult to easily track the state of every software-level vulnerability throughout your various code bases....

Setting the appropriate security defect handling expectations in development and QA

By Robert Auger 6/15/09

If you've worked in information security, you've likely had to report a security defect to development in an effort to remediate the issue. Depending on your organization and its culture, this can be a rather difficult...

The business case for security frameworks

By Robert Auger Version 1.06 Last Modified: 4/22/2007

Article originally written for The Web Application Security Consortium's guest article project.

One of the reasons why vulnerabilities are still commonplace is that new generations of developers are making the same mistakes....

Identifying Risks in the Development Cycle

By Robert Auger 10/18/2006

Introduction

Identifying security defects before a product ships reduces the risk of embarrassing public exposure, the cost of repairing the defect, and the risk to your customers. Your customers will not forget being compromised via a...