Justifying Security Testing in QA


a worst-case scenario, of course, but other companies such as Eli Lilly, Victoria's Secret, and Go Daddy have all taken financial hits as a result of getting hacked. Victoria's Secret's Web site was shut down during the Christmas shopping season--and the company was fined $50,000 by the federal government--after hackers found an easy way to review customers' order information.

The Preventative Argument
All the information and arguments presented in this article should provide a good start to your efforts in justifying security testing in QA. It is cheaper to find vulnerabilities in QA than in production, and the cost of being hacked is almost immeasurable. Nobody wants to have a Web site shut down or customers' personal information revealed by a hacker. With these risks in mind, addressing security in QA makes perfect financial and business sense.


About the author

Ryan English

Ryan English is the group product manager for SPI Dynamics, where he oversees product strategy and direction for the company's development lifecycle security-testing products. Ryan is a seasoned speaker on the topic of Web application security testing and has spoken at several quality assurance industry events, including Software Test & Performance Conference, STAREAST, STARWEST, Mercury World, IBM Rational Conference, and various user groups and associations.
