ITSPmagazine Podcast Network

The Connection Between Product Quality Assurance And Application Security In Business | Redefining Security With Tom Morrissey And Cassio Goldschmidt

Episode Summary

Nowadays, every company is pretty much a technology company, and as such, they all should have some understanding of quality assurance (QA). Also, an understanding of information security would be nice. The question is, how and where do these two worlds collide?

Episode Notes

Is that security world AppSec or DevSecOps? Or is it something completely different?

The QA role often approaches testing an application through user stories and use cases, working toward verifying that it does everything it is supposed to do. On the other hand, an application security team often comes to the situation from a different perspective; they try to get the system to do something it is not supposed to do, going beyond the user interface and breaking free from documented user scenarios.

While these two perspectives may differ significantly, there is still a ton of shared vision for reaching the end goal: rooting out as many bugs as they can to deliver the best possible product. They also share some common challenges as they try to connect and work with the line-of-business owners, architects, IT, operations, and engineering teams.

With this in mind, what, specifically, are the synergies, and how can these two teams help each other succeed? Should they be working together, or does it make sense for them to remain separate?

Tune in to this episode as guests Tom Morrissey (a long-time QA and engineering director) and Cassio Goldschmidt (a very active application security expert and OWASP leader) reach back to the past to help us understand how QA has evolved and what lessons application security professionals can learn from its history.

Guests
Tom Morrissey, Director of Software Engineering

Cassio Goldschmidt, Sr. Director & CISO at ServiceTitan | OWASP Chapter Leader (@CassioGold on Twitter)

This Episode’s Sponsors

Imperva: https://itspm.ag/imperva277117988

Archer: https://itspm.ag/rsaarchweb

Edgescan: https://itspm.ag/itspegweb

Resources
Learn more about OWASP: https://owasp.org/ (@owasp on Twitter)

To see and hear more Redefining Security content on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-security
