Monday, 4 July 2011

Developers Vs QA Vs Security testers

When developing software there are now 3 groups of teckies involved:
  • Developers
  • Functional testers (QA)
  • Security testers
For a while I've been trying to convince developers that they really need to have a basic understanding of security testing - you just cant develop a secure application unless you know how its going to be attacked.
However when I was preparing for my OWASP talk for AppSec EU in Dublin, I started thinking about this a bit more.

And now I think that can be expanded:

Developers, QA and security testers all need to have a pretty good understanding of what the other 2 groups do.

So I'm saying you cant really be a good developer unless you know about QA (functional testing) AND about security testing.
You dont have to be an 'expert' in both areas, but you need to have a good grounding in each.
The former is actually quite common - most developers (at least in my experience) work pretty closely with QA and so should have picked up a fairly good idea of what they and how they do it. The latter, well, some do and some dont.

But the converse is also true - I dont think you can be a good security tester without knowing about both development and QA,
And you can be a good functional tester without knowing about both development and security testing.

Anyone feel like arguing against that? :)

Which group are you in, and how good is your understanding of the other 2 disciplines?

5 comments:

  1. wonderful information, I had come to know about your blog from my friend nandu , hyderabad,i have read atleast 7 posts of yours by now, and let me tell you, your website gives the best and the most interesting information. This is just the kind of information that i had been looking for, i'm already your rss reader now and i would regularly watch out for the new posts, once again hats off to you! Thanks a ton once again, Regards, QA online trainingamong the QA in Hyderabad. Classroom Training in Hyderabad India

    ReplyDelete
  2. It was so nice article.I was really satisified by seeing this article and we are also giving QA online training.The QA online training is one of the best QA online training institute in USA.

    ReplyDelete
  3. I was totally amazed when i saw this website Best testing tools Online Training first time i thought this is what i am looking for from a long time i am very thankful to you for helping not only me but to all those guys who are new to this IT SECTOR and who wants to make a career ih this sector.

    ReplyDelete
  4. Thanks for Information Quality Assurance is the systematic process to check whether the product developed from the company is perfect and meeting the requirements specified for the product. This Quality Assurance was introduced in World War II when the weapons used were inspected and tested after manufacturing, but now the situation have changed and every company is following the advanced technologies for quality and most of the companies will have a separate department for the Quality testing.QA Online Training

    ReplyDelete