This is an archive post from the Netsparker (now Invicti) blog. Please note that the content may not reflect current product names and features in the Invicti offering.
Now's a good time to be in the software QA business. Studies are showing – and many business people are realizing – that the quality of their software has a direct bearing on the overall security of their IT environment. At the heart of this are QA professionals. In many situations, they have the final say-so about software bugs that ultimately create security risks. There's a lot of pressure of these team members but there can also be a lot of rewards associated with QA professionals knowing that they play an integral role in web application security.
Many businesses approach web security testing in the wrong way. Simply put, they don't involve their QA staff in performing in-depth web security testing. Be it running web vulnerability scans or performing manual analysis having QA pros work as part of the team to help find security flaws can really work to your advantage. QA specialists typically possess the exact traits needed to find web security vulnerabilities and security issues including:
Quality Assurance Professionals Have the Training
Many QA professionals have degrees in computer science. Many are former developers. Because of this experience, QA professionals understand the core essentials of software development. That's the first (big) step towards understanding, finding, and fixing application security flaws.
Quality Assurance Professionals are Bug Hunters
The essence of a good security tester, hacker, hunter, or whatever term you want to use is having the wherewithal to know what to seek out. They understand the value in "breaking" stuff and they know how to break it. They also know that using good tools is critical to their success.
Some QA professionals perform all of their tests the old-fashioned way: manually. However, the wise person performing software QA knows his time is limited. An automated web vulnerability scanner and its accompanying tools can reap tremendous rewards in the hands of a QA professional because he knows exactly what he's looking at and the behaviors that should be expected from the application.
Quality Assurance Professionals Have the Dedication and Patience Needed to Excel
QA professionals are in the business of finding bugs and security holes in any type of software and web applications because that's what they love doing. QA staff have to know a lot about a lot but that's okay because software testing is often the only thing that they do. Even if software testing is super repetitive work, they're good at it because of this repetition and because that's how their mind works best.
All in all, there are plenty of reasons that every organization should have QA staff performing web security testing. The more eyes you have on web security the better. Security is all about quality and QA pros can be a great fit for the job.