Welcome to QASec.com! Besides traditional testing (checking for errors, seeing if the product conforms to the spec'd-out requirements, and seeing that it 'just works'), it's important to build security testing into the QA cycle to eliminate potential vulnerabilities before the product goes into production. By identifying and classifying the risks of these security 'bugs' you can reduce the cost of repairing them, as well as reduce public exposure to them.
I've created this site for other Software Testers to read up on how to implement security checking into their cycle. Most of the material that you'll see comes from the Penetration Testing world (Post Production Security Review), although it has a unique spin to relate it to professional software testers. As someone who has performed both duties, it is easy to see just how alike QA, Penetration testers, and hackers are in the way they implement 'testing' of an application.
Besides QASec.com I've founded the Web Security News Portal CGISecurity.com and The Web Application Security Consortium.
- Robert