Mon, 10 October 2011
Over the past year and a half or so, I've been pushing hard to change the paradigm around secure software - specifically the testing aspect of it - to incorporate a much heavier emphasis on quality assurance. That conversation spilled over into an OWASP conversation, which led Glenn, Rohit and me to sit down and record this conversation we had - as we appear to be of like mind. While it's not trivial to incorporate security testing into quality assurance, it's not impossible, and in fact it's more practical than you may think.
In this segment we discuss what security testing in a QA team looks like, how it might be split up, and whether we can really and truly make it work. Glenn provides his practical perspective as an implementer of this methodology, while Rohit and I provide an across-the-industry discussion and commentary.
I think you'll find this podcast episode fascinating, especially if you're struggling with the QA/Security relationship.
Direct download: Down_the_Rabbithole_-_Episode_3_-_QA_and_Security_Can_we_make_it_work.mp3
Category:Information Security -- posted at: 4:34pm CDT