Secure Coding mailing list archives
Re: Security Test Cases for Testing
From: ljknews <ljknews () mac com>
Date: Thu, 18 Dec 2003 00:43:11 +0000
At 1:11 PM +0530 12/17/03, Giri, Sandeep wrote:
> Hi Group, To avoid security flaws in various applications, I started teaching people about how to write secure code. But I soon lost hope when I saw the same flaws again and again during code audits. So, now with a hope to get some of Security Flaws (like SQL injection, buffer overflows and XSS problems etc.) foiled while testing, I am planning to write Test Cases for QA team.

In my experience it is best to have the QA team well enough trained that they can write the test cases. The QA team should start at the same time the development team starts.

> Has anyone already written test cases for same?

Well yes, but that is just a passing anecdote. Tests for your software must be written with your software in mind, preferably with "white box" testing where your QA team inspects your source and looks for flaws to exploit. Note this means your QA team must be _more_ skilled than your developers.