- Developers
- Functional testers (QA)
- Security testers
However, when I was preparing for my OWASP talk for AppSec EU in Dublin, I started thinking about this a bit more.
And now I think that can be expanded:
Developers, QA and security testers all need to have a pretty good understanding of what the other 2 groups do.
So I'm saying you can't really be a good developer unless you know about QA (functional testing) AND about security testing.
You don't have to be an 'expert' in both areas, but you need to have a good grounding in each.
The former is actually quite common - most developers (at least in my experience) work pretty closely with QA and so should have picked up a fairly good idea of what they do and how they do it. The latter, well, some do and some don't.
But the converse is also true - I don't think you can be a good security tester without knowing about both development and QA, and you can be a good functional tester without knowing about both development and security testing.
Anyone feel like arguing against that? :)
Which group are you in, and how good is your understanding of the other 2 disciplines?