
	Home > Software Quality Tips > Application Security Strategies > Involve the security team in software security testing

Software Quality Tips:

EMAIL THIS

TIPS & NEWSLETTERS TOPICS

APPLICATION SECURITY STRATEGIES

Involve the security team in software security testing

Diego Paticio del Hoyo
11.27.2007
Rating: -2.33- (out of 5)

Digg This!

StumbleUpon

Del.icio.us

When the time comes to test the security deliverables of a project, who better to do this than the security experts? Sure we've heard that the information security team needs to be involved in a development since its inception. We've also heard that "checklists" for what needs to be complied with could help the developers ensure all the security "features" have been considered.

But you can prevent more than a headache -- and possibly a "no-go" implementation decision -- if the security team reviews the test script when the code is ready for testing. After all, who knows more about the required security compliance than the information security experts? They may not be able to tell how to do something for any technology used in the department, but they can definitely say what needs to be there.

Ensuring information security experts are in the loop also will prevent miscommunication.

So, when the time comes to test what you've built, remember to involve the security team if there are security-related deliverables or requirements.

Rate this Tip
To rate tips, you must be a member of SearchSoftwareQuality.com. Register now to start rating these tips. Log in if you are already a member.
Submit a Tip

Digg This!

StumbleUpon

Del.icio.us

RELATED CONTENT

	Application Security Strategies
	Getting started with Web application misuse cases
	The essentials of Web application threat modeling
	How to prevent XPath injection
	Web application hacking: Inside the mind of an attacker
	How to define the scope of functional security testing
	Cracking passwords the Web application way
	How to get developers to buy into software security
	Eight reasons to do source code analysis on your Web application
	What to do after penetration testing: source code analysis
	What to expect of a third-party Web application security tester

Software security testing and techniques

Web application security testing basics

Getting started with Web application misuse cases

OWASP kicks off Summer of Code 2008

Video: Classification, detection of application backdoor attacks

Testing custom applications in a manufacturing context

Ajax security concerns you need to be aware of

Web application hacking: Inside the mind of an attacker

InfoSecurity 2008 Threat Analysis, Chapter 4: XSS Theory

How to define the scope of functional security testing

Cracking passwords the Web application way

RELATED RESOURCES

2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems

Search Bitpipe.com for the latest white papers and business webcasts

Whatis.com, the online computer dictionary

DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.

SEARCH

TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organizations' IT projects - with its network of technology-specific Web sites, events and magazines.


TechTarget Corporate Web Site \| Media Kits \| Reprints \| Site Map All Rights Reserved, Copyright 2006 - 2008, TechTarget \| Read our Privacy Policy