There is no doubt in my mind that quality assurance and application security are closely related. The symbiosis between the two can be summed up as: web application security can only be achieved on top of a good quality assurance process. Put another way, a security vulnerability is the result of a failure in the quality assurance process (that is, in the development life cycle).
Even so, if you ask R&D and QA department leaders about the challenges of designing, implementing and testing a software product, I doubt that security would be among the top five things that come to mind.
Why is that?
Well, I can think of a couple of reasons:
1. Security testing requires trained personnel, and such people are not commonly found in small and mid-sized organizations.
2. What I call "closely related" is not a trivial concept in the quality assurance industry; more education is still required.
3. Security incidents are not always categorized as such. For example, attacks such as DoS and DDoS (Denial of Service / Distributed Denial of Service) that result in application service failure are not easily detected, and when they are, the failure is attributed to a defect in the application rather than to a security issue.
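To make point 3 concrete, here is an added example (not code from the original post) of a QA-style test in which the "defect" and the security issue are the same thing: a handler that walks nested input recursively dies with a stack exhaustion on a deeply nested payload, which from the outside is just an application crash, while a bounded walk turns the same payload into a controlled rejection. The payload, the depth limit of 64, and the handler and helper names are all assumptions made for this illustration.

```python
"""Added example (not from the original post): a QA-style test in which a
'service failure' defect is also a denial-of-service issue, so that one test
case serves both the QA and the security review."""

MAX_DEPTH = 64  # assumed limit for this illustration; a real service picks its own


def build_nested(depth):
    """Constructed hostile input: an empty list wrapped `depth` levels deep,
    the kind of payload an attacker sends to exhaust a recursive parser."""
    obj = []
    for _ in range(depth):
        obj = [obj]
    return obj


def count_leaves_naive(obj):
    """Recursive walk with no depth bound. Deep input exhausts the
    interpreter's call stack (RecursionError), which from the outside looks
    like an ordinary application crash rather than an attack."""
    if isinstance(obj, list):
        return sum(count_leaves_naive(item) for item in obj)
    return 1


def count_leaves_bounded(obj, max_depth=MAX_DEPTH):
    """Iterative walk with an explicit stack and a depth limit. Over-deep
    input is rejected with a ValueError that the caller can map to a 4xx."""
    total = 0
    stack = [(obj, 0)]
    while stack:
        node, depth = stack.pop()
        if not isinstance(node, list):
            total += 1
            continue
        if depth > max_depth:
            raise ValueError("input nested deeper than %d levels" % max_depth)
        for item in node:
            stack.append((item, depth + 1))
    return total


def handle_request(payload, counter):
    """Minimal stand-in for a request handler: returns (status, body).
    ValueError is an expected rejection (400); any other exception escapes
    and would take the worker process down."""
    try:
        return (200, counter(payload))
    except ValueError as exc:
        return (400, str(exc))


def crashes(payload, counter):
    """QA helper: does the handler die on this payload? RecursionError is
    exactly the uncaught failure described in point 3 above."""
    try:
        handle_request(payload, counter)
    except RecursionError:
        return True
    return False


if __name__ == "__main__":
    hostile = build_nested(5000)  # constructed, far beyond any legitimate document
    print("naive handler crashes:", crashes(hostile, count_leaves_naive))
    print("bounded handler:", handle_request(hostile, count_leaves_bounded))
```

The test case that a QA engineer would add is `crashes(build_nested(5000), counter)`; once it is in the regression suite, a resource-exhaustion bug is caught the same way as any other defect, and the only thing security adds is the knowledge that the input should be labelled hostile rather than merely malformed.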
Bridging the gap between these worlds is not an easy job, but it can be done with proper education and training.