WebApp Sec mailing list archives

RE: Security Testing


From: "scott wood" <swood () cambian com>
Date: Mon, 3 Mar 2003 17:45:32 -0800

I think Phil's description is pretty good, but there is one thing I would add. You should
have some sort of feedback from QA to the developers. Not of the "finger-pointing"
type, but constructive feedback that allows the developers to learn from their mistakes.
You want to cultivate an environment of security awareness amongst the developers so that
they do things correctly the first time. Also, if QA thinks the developers did a good job 
with security, they should let them know that as well!

scott

---
Scott Wood   swood () cambian com
CTO, Cambian
P.O. Box 12113, 1075-555 West Hastings St, Vancouver BC, Canada, V6B 4N6
Tel: (604)647.1167 x258; Fax: (604)647.1187
http://www.cambian.com/ 

