
Involve the security team in software security testing

By involving security experts in code reviews and testing, you will make sure all security requirements are met.

When the time comes to test the security deliverables of a project, who better to do this than the security experts?

Sure, we've heard that the information security team needs to be involved in a development project from its inception. We've also heard that "checklists" of what needs to be complied with could help the developers ensure all the security "features" have been considered.

But you can prevent more than a headache -- and possibly a "no-go" implementation decision -- if the security team reviews the test script when the code is ready for testing. After all, who knows more about the required security compliance than the information security experts? They may not be able to tell you how to do something for every technology used in the department, but they can definitely say what needs to be there.

Ensuring information security experts are in the loop will also prevent miscommunication.

So, when the time comes to test what you've built, remember to involve the security team if there are security-related deliverables or requirements.


This was last published in November 2007
