[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [WEB SECURITY] QASEC Announcement: Writing Software Security Test Cases

From: "Brian Cohen" <bcohen@xxxxxxxxxxxxxxx>
Subject: RE: [WEB SECURITY] QASEC Announcement: Writing Software Security Test Cases
Date: Sun, 7 Jan 2007 09:08:58 -0500

Robert,

Very nice work on this article.  Most of the folks that are conducting
QA tests don't have the security knowledge, and many don't think they
have the time, to conduct application security tests.  You've done a
great job of presenting the case for security testing during QA in
simple understandable terms.  I encourage you to look into having this
article published by one of the mainstream QA publications... I think it
would be very helpful toward the cause of improving application
security.  Particularly in raising awareness that application security
truly is a lifecycle issue, not something you entrust solely to your
"security department."

This is an issue that list readers are up-to-speed on, but sadly, much
of the corporate development and testing world is not.  Anything you can
do to garner more widespread publication is a win.

BC

-----Original Message-----
From: bugtraq@xxxxxxxxxxxxxxx [mailto:bugtraq@xxxxxxxxxxxxxxx] 
Sent: Sunday, January 07, 2007 12:58 AM
To: websecurity@xxxxxxxxxxxxx
Subject: [WEB SECURITY] QASEC Announcement: Writing Software Security
Test Cases

I've Just released an article about how the Quality Assurance phase of
the development 
cycle can incorporate security testing into a standard test plan, and
make it part 
of the regular testing cycle.

Writing Software Security Test Cases: Putting security test cases into
your test plan
http://www.qasec.com/cycle/securitytestcases.shtml

Regards,
- Robert
http://www.cgisecurity.com/
http://www.qasec.com/


------------------------------------------------------------------------
----
The Web Security Mailing List: 
http://www.webappsec.org/lists/websecurity/

The Web Security Mailing List Archives: 
http://www.webappsec.org/lists/websecurity/archive/
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]


----------------------------------------------------------------------------
The Web Security Mailing List:
http://www.webappsec.org/lists/websecurity/

The Web Security Mailing List Archives:
http://www.webappsec.org/lists/websecurity/archive/
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]

References:
- [WEB SECURITY] QASEC Announcement: Writing Software Security Test Cases
  - From: bugtraq

Prev by Date: [WEB SECURITY] QASEC Announcement: Writing Software Security Test Cases
Next by Date: [WEB SECURITY] Looking For a Username Dictionary
Previous by thread: [WEB SECURITY] QASEC Announcement: Writing Software Security Test Cases
Next by thread: Re: [WEB SECURITY] QASEC Announcement: Writing Software Security Test Cases
Index(es):
- Date
- Thread

Brought to you by http://www.webappsec.org
Search this site