Re: [SC-L] Security in QA is more than exploits

2009-02-04 Thread Wieneke, David A.
Before anyone talks about vulnerabilities to test for, we have to figure out what the business cares about and why. What could go wrong? Who cares? What would the impact be? Answers to those questions drive our testing strategy, and ultimately our test plans and test cases. We have to figure

Re: [SC-L] Security in QA is more than exploits

2009-02-04 Thread Paco Hope
All, I just read Robert's blog entry about re-aligning training expectations for QA. (http://bit.ly/157Pc3) It has some useful points that both developers and so-called security people need to hear. I disagree with some implicit biases, however, and I think we need to get past some stereotypes