January 11, 2007
Writing Software Security Test Cases
Anonymous Reader writes "People within the quality assurance community are starting to understand that checking an application for security issues (defects) isn't just the responsibility of the security department (if one exists), or the software architects. While typical QA Engineers don't understand the scope or inner working of specific software vulnerabilities, they do go about testing an application in a similar fashion to how the penetration testing community does. Unlike typical penetration testing QA has access to internal documents and insider information giving them advantages to aide in the testing of an application. In addition to documenting customer use cases it's important to begin the process of documenting what an attacker may attempt against your application as well and incorporating these attacker 'use cases' into a security section of your standard test plan."