Writing Secure Code by Michael Howard and David LeBlanc

The designers, program managers, and architects have designed a good, secure product, and the developers have written great code—now it’s time for the testers to keep everyone honest! It’s unfortunate, but many testers think they are the tail of the development process, cleaning up the mess left by developers. Nothing could be further from the truth; security testing is an important part of the overall process. In this chapter, I’ll describe the important role testers play when delivering secure products, including being part of the entire process—from the design phase to the ship phase. I’ll also discuss how testers should approach security testing—it’s different from normal testing. This is a pragmatic chapter, full ...