Integrating Security Testing into the QA Process

Although organizations have vastly increased their efforts to secure operating systems and networks from attackers, most have neglected the security of their applications-making them the weakest link in their overall security chain. By some industry estimates, 75 percent of security attacks now focus on the application layer. All too often, the departmental responsibility for verifying application security is not defined, and security within the SDLC is either addressed too late or not at all. Based on his experience in a Fortune 1000 company, Mike Hryekewicz describes a step-wise strategy for extending the QA department’s role to include security as a quality attribute to verify prior to an application going into production. Learn how to deploy a security testing capability within your QA department and how to extend its coverage and activities as the process gains acceptance. Mike recommends specific security testing activities and describes the supporting skills, tools, training, and reference resources to ensure a successful rollout.