WebApp Sec mailing list archives
RE: Security Testing
From: "scott wood" <swood () cambian com>
Date: Mon, 3 Mar 2003 17:45:32 -0800
I think Phil's description is pretty good, but there is one thing I would add. You should have some sort of feedback from QA to the developers. Not of the "finger-pointing" type, but constructive feedback that allows the developers to learn from their mistakes. You want to cultivate an environment of security awareness amongst the developers so that they do things correctly the first time. Also, if QA thinks the developers did a good job with security, they should let them know that as well!

scott

---
Scott Wood swood () cambian com
CTO, Cambian
P.O. Box 12113, 1075-555 West Hastings St, Vancouver BC, Canada, V6B 4N6
Tel: (604)647.1167 x258; Fax: (604)647.1187
http://www.cambian.com/