Better Software - December 2008 - (Page 20)

Can you achieve application quality without application security?

Many companies are under the impression that testing for web application security simply involves a cursory check for easy-to-guess user names and passwords. Yet application security testing can and should involve more complex audits, such as testing for SQL injection and cross-site scripting vulnerabilities. Often this sort of review does not happen until the web application is in production, when it is too late to stop a hacker or a malicious program from attacking and much more expensive to remediate the vulnerability. While quality assurance (QA) departments have traditionally focused on functional or performance testing, there is a clear trend toward QA becoming a critical participant in application security testing.

Are you ready for security testing?

There are three ways that your QA department may become involved with web application security testing:

• Your company’s web security experts may request that application security testing be done by the QA group to ensure that all fixes have been implemented and no security holes exist prior to releasing the product to production.

• Your compliance officer—facing concerns about Sarbanes-Oxley (SOX), the Health Insurance Portability and Accountability Act (HIPAA), the payment card industry (PCI) standard, etc.—may request that further application security testing be performed during the QA process.

• Your QA department may request involvement with testing for web application security, because an application with potential security holes is not going to be perceived as high-quality by users.

No matter how the department gets involved, certain steps will need to be taken to establish the application security testing process. It will need to be determined whether specific, dedicated staff members will perform web application security testing, or whether the task will be dispersed throughout your entire QA group. In addition, the timing of web application security testing during the QA process will need to be managed. Ideally, application security testing will be performed as early as possible, so that developers can fix any security issues in a timely manner without compromising the project’s schedule. Finally, the right software for application security testing will need to be selected and implemented.

The right approach to application security testing

The QA department will need application security testing software that is able to perform three different types of testing, one for each user class, to determine the vulnerabilities exposed to that class: a non-authenticated user, an authenticated user, and an administrative user. Additionally, the web application security tool should be able to perform both automated and manual crawling/spidering of your web application.

Run a free test of your web applications via our free 15-day trial of HP QAInspect® software and get a comprehensive vulnerability report. www.hp.com/go/QAInspectdnld

Special Advertising Section