Difference between revisions of "Test Analyst"

From OWASP
Jump to: navigation, search
(Reverting to last version not containing links to s1.shard.jp)
 
(6 intermediate revisions by 2 users not shown)
Line 1: Line 1:
 +
{{Template:SecureSoftware}}
 +
 
==Role Description==
 
==Role Description==
 
In a structured development organization, security should not have a great impact on the overall processes used. The test organization should still be testing to requirements, implementing regression suites, and so on.  
 
In a structured development organization, security should not have a great impact on the overall processes used. The test organization should still be testing to requirements, implementing regression suites, and so on.  
  
In practice, this will generally require new testing tools that are specifically geared toward security because traditional tools are not good at ferreting out security risks.
+
In practice,this will generally require new testing tools that are specifically geared toward security because traditional tools are not good at ferreting out security risks.
  
 
Ultimately, beyond tool training and learning about risks well enough to be able to check for them, testing groups do not need to be security experts.
 
Ultimately, beyond tool training and learning about risks well enough to be able to check for them, testing groups do not need to be security experts.
  
==Categories==
 
 
[[Category:Role]]
 
[[Category:Role]]
 +
[[Category:CLASP Role]]
 +
[[Category:OWASP CLASP Project]]

Latest revision as of 11:00, 27 May 2009


Role Description

In a structured development organization, security should not have a great impact on the overall processes used. The test organization should still be testing to requirements, implementing regression suites, and so on.

In practice,this will generally require new testing tools that are specifically geared toward security because traditional tools are not good at ferreting out security risks.

Ultimately, beyond tool training and learning about risks well enough to be able to check for them, testing groups do not need to be security experts.