I just checked out the latest on LinkedIn and saw a question on one of the many testing groups from someone wanting advice on how to write a test plan on security testing.
Nothing really new about this; as one of the moderators of The Software Testing Club and a regular reader of SQA forums, I'm used to people asking the most basic testing questions (the 'remove post' function can get some heavy use).
Wonder what will happen to the person asking the question? He'll probably get told to use Google, he'll find some basic security plans there, incorporate them into his test plan, send them off to the CEO, CIO, CFO, Old Macdonald and the mild mannered janitor, get it signed off and yet another app with security flaws hits the market.
A test plan for security testing should be very simple.
Find out how important security is to the stakeholders.
If it's important, get a security expert in.
Is that a cop-out? Should all testers be able to do security testing? Do you do security testing on top of the other testing activities you do - if so, how confident are you that you have done it well enough?