[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [WEB SECURITY] QASEC Announcement: Writing Software Security Test Cases


Great article Robert! I'm a staunch supporter of pushing security testing into the QA phase; and to get security testers to take advantage of the wealth of testing tools that developers and QA people use. <plug>
I wrote a paper a while back that describes how one could integrate security into unit, integration and functional tests:
http://www.corsaire.com/white-papers/060531-security-testing-web- applications-through-automated-software-tests.pdf

It includes practical examples of using JUnit, WATIR and Apache Cactus to test (and/or to document) common web application vulnerabilities.
</plug>


On 7 Jan 2007, at 12:58, bugtraq@xxxxxxxxxxxxxxx wrote:

I've Just released an article about how the Quality Assurance phase of the development
cycle can incorporate security testing into a standard test plan, and make it part
of the regular testing cycle.

Writing Software Security Test Cases: Putting security test cases into your test plan
http://www.qasec.com/cycle/securitytestcases.shtml

Regards,
- Robert
http://www.cgisecurity.com/
http://www.qasec.com/


---------------------------------------------------------------------- ------
The Web Security Mailing List:
http://www.webappsec.org/lists/websecurity/

The Web Security Mailing List Archives:
http://www.webappsec.org/lists/websecurity/archive/
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]


--
Stephen de Vries
Corsaire Ltd
E-mail: stephen@xxxxxxxxxxxx
Tel:	+44 1483 226014
Fax: 	+44 1483 226068
Web: 	http://www.corsaire.com





----------------------------------------------------------------------------
The Web Security Mailing List: http://www.webappsec.org/lists/websecurity/

The Web Security Mailing List Archives: http://www.webappsec.org/lists/websecurity/archive/
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]

Brought to you by http://www.webappsec.org
Search this site