Wednesday, February 4, 2009

QA and Security "Testing" ... a Logical Combination

As stated in my previous post, security "testing" fits into Quality Assurance. This is a hot topic, and it is discussed again here. QA is the final gate that applications must pass before they are considered for deployment. Security "testing" at this gate is not going to be thorough, especially if the QA Team lacks security expertise. So how do we solve this problem?

Simple. Develop test plans and specific test cases that QA Team members can execute. The bulk of the work is then done by QA, which reduces the workload of the Security Team, and the results also serve as an indicator of security posture. If a security defect is found, the Security Team can be alerted for further analysis. This kind of Security Review is a practical way to enhance Web Application Security.

Effective security testing is important, but resources may be limited. Test plans and test cases are the bread and butter of the QA Team, so this division of labor makes sense.
