During the presentation, I will talk about what role QA teams can play in improving software security, how their continuing education, structure, and composition can be improved to make them more effective at finding vulnerabilities, and I will give examples of test case techniques for finding security weaknesses.
In my opinion, testing for security weaknesses (whether it's positive or negative testing) is very similar to what QA already does. Security vulnerabilities are just another type of quality defect, and QA teams are well suited to this role. Come check out my presentation and join in the conversation!
Note: As always, testing is just a very small part of software security (which I talk about in the presentation). Good software security programs include portfolio management; training; security requirements; secure architecture, configuration, and coding patterns (think design patterns); validation (positive and negative testing); metrics; and continuous improvement.