Is there any demand for a specifically crafted guide on web cybersecurity for QA and Testers?

I’m working on writing some kind of handbook (probably longer than 30 Google Doc pages) for QA and testers, created by a QA Engineer for QA Engineers :sweat_smile: Not sure if there’s much interest out there on this topic, but my plan is to keep it simple and provide the necessary info for the day-to-day security testing of web apps. I don’t want to write a lot about something generic about cybersecurity, but from my own experience, I can definitely share how QA can start conducting security tests - the simple and fast way. You can find tons of deep, detailed sources meant for cybersecurity pros or those who want to become them, but that stuff is pretty dense and the focus is usually different from what testers need. I’m not sure if anyone would want to publish it as an e-book or article, but as a kind of cybersec enthusiast, I’d love to share my journey, what I’ve learned, and try to refresh my knowledge and maybe even learn something new by doing this.

Would love to hear any ideas and opinions you have. Do you think stuff like this might be useful? What kind of info or guides would you want as a tester, and in what format, etc? :smiling_face:

4 Likes

I’m intrigued and would definitely be interested in taking a look at the handbook once it’s published.

2 Likes

Hello @shad0wpuppet

Your proposed handbook for QA focusing on day-to-day security of web apps is a valuable resource.
While there are many in-depth sources, they often cater to professionals or those who are pursuing the field, making them dense and not always applicable to testers’ needs.

As a tester, I would appreciate guides on how to start conducting security tests, what tools to use and why, and how to interpret results.

Real-world examples of common vulnerabilities and how to test them would be helpful.

Additionally, information on best practices for integrating security testing with the SDLC and the role of QA in security would be beneficial.

Consider structuring your handbook with an intro to security testing, followed by various types of tests, like:

  • PenTest
  • Security audits
  • Vulnerability scanning

Include case studies to illustrate concepts.
Also, discuss the importance of continuous security testing, updates and awareness.

1 Like

Hi Konstantin,

Do share - I can see you have a lot to share. While there is information around on this topic, it could probably need an update and some fresh perspectives.

Have you considered setting up a blog site for it? That could help you make shorter, more focused posts with embedded media. Alternatively, you can publish the full Google Doc as an e-book on either Gumroad or LeanPub.

All the best

1 Like

I have been referring to this Library of Testing – Community Sourced Learning Resources for Software Testers

1 Like

I would be all about this, and would love to share with my team!

1 Like