Hosting Provided By

Re: Security Testing

From: Kevin Spett <kspett(at)spidynamics.com>
Date: Mon Mar 03 2003 - 14:04:25 EST

While all developers should be aware of security issues and do their best to harden what they build, I recommend that the security testing team be seperate from the development team if possible. Security testing is a specialized skill that requires full-time dedication and experience to acquire proficiency with. Also, people are less likely to find bugs in their own work, which is one of the reasons that normal QA should be seperate from development.

Kevin.

Original Message ----- From: "Ramirez, Manuel N (CORP, DDEMESIS)" <Manuel.Ramirez@ddemesis.ge.com> To: <webappsec@securityfocus.com> Sent: Monday, March 03, 2003 1:09 PM Subject: Security Testing

Hi everybody,
I was wondering if some of you have some papers regarding web applications security testing. I'm working on a CMM iniciative and we are planning to include a security testing phase so every new developed application is security-error free.

Would you recommend every development team to perform security testing or it's better to have a group of experienced people doing these activities for all of the developed applications?

Best regards,
Manuel Received on Mon Mar 3 14:40:10 2003

This message: [ Message body ]
Next message: drG4njubas: "RE: Security Testing"
Previous message: Ramirez, Manuel N (CORP, DDEMESIS): "Security Testing"
In reply to: Ramirez, Manuel N (CORP, DDEMESIS): "Security Testing"
Next in thread: Jeff Williams (at) Aspect: "Re: Security Testing"
Reply: Jeff Williams (at) Aspect: "Re: Security Testing"
Reply: drG4njubas: "RE: Security Testing"
Reply: Bill Pennington: "Re: Security Testing"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:07:49 EDT