Quality Testing

Quality is delighting customers

Hello All,


I am looking for some reviews from your end. In the early stage of my career I was working as an Application Tester, then I switched my career to Application Security Testing. Many companies do insist on their QA doing Application Security Testing. But from my experience, if your mindset is for Functional Testing you cannot be a Security Tester.


Please let me know your views on:

Are companies going down the right path by giving security testing to a functional QA?

Replies to This Discussion

My answer is that a functional tester (he / she) can do security testing.
To do any testing, the specifications have to be defined. If the product specifications also draft the security requirements, then security testing will also form part of the testing (Functional / Non-Functional).

I don't know what you mean by "functional QA" in your question.  Do you have a functional QA team that is distinct from other kinds of QA teams?


A production specification can certainly include a security requirements section, and if the requirements are phrased in the right way, they can be tested. For example, you can verify that passwords are not stored in cleartext, or that a password needs to be at least six characters long with at least one digit and one special character. However, how do you test whether someone can break into your product and do something malicious?


There are security tools for scanning source code and/or web interfaces, but they tend to produce a lot of false positives, and they often require an expert -- ideally, a software developer with a security-oriented skill set -- to interpret.  There are also security certification companies that specialize in using these tools to look for security bugs.  As with QA teams, I believe some of these companies are good at their jobs and some are just "checking the boxes".


I think there is nothing wrong with having a QA team do security testing, but they need a very specialized skill set, the right tools, and a working relationship with the software developers.  

If you can, then do it; if you can't, hire someone who can do it.

Functional Tester can do Security Testing... There is nothing like a security tester team, functional tester team, performance tester team, etc. Testing includes everything.

Snehasish, you are wrong. There is always a separate SECURITY TESTING team. IF others can do it, IT'S OK.

