There have been a lot of security breaches in the news recently; I guess there always are. The most recent ones are Ticketmaster and Adidas.
I read a blog a while ago about a web developer security checklist. It looks pretty cool! I was wondering if anyone had something like that for software testers? I’m thinking mind maps, checklists, any kind of list like this; we’ll call it the web tester’s security checklist.
There’s obviously the OWASP Top 10 but I’m thinking maybe something a bit less wordy.
Hi Heather
I would still rely on the OWASP Top 10 because that is the first checklist. That list is formed after collecting knowledge from security experts all around the world and with real-world data. We should be testing those 10 things; however, for the understanding of the testers, the text on the website can be simplified, and there are blogs for that. I had a thorough study of it and have tested the list before; it’s truly amazing!
I wrote this up last year, following a Test Master’s Conference Workshop I attended regarding information security, given by @danielbilling, and added my thoughts as it applies to the overall SDLC: