Benjamin Tomhave wrote...
This is completely unsurprising. Apparently nobody told the agile
dev community that they still need to follow all the secure coding
practices preached at the traditional dev folks for eons. XSS,
redirects, and SQL injection attacks are not revolutionary, are not
Ken,
I enjoyed reading your article. My book The Art of Software
Security Testing is based on the concept of using penetration techniques
as part of the development lifecycle and is specifically targeted at QA
professionals. One of my co-authors, Elfriede Dustin, has written 5 QA
books