“Can you perform security testing for us?”, asked a prospective customer.
“Sure, we are test specialists. Give us your security requirements, and we will test them!”, was the answer.
In reality, the situation is not that simple. In this respect, security is like usability: you can seldom expect customers to know all about it, so you cannot get a free ride on their requirements. You may have to provide your customer with information about what “security” actually is and how it should be tested.
Besides, whereas security requirements may be simple (“no unauthorized access shall be possible”), testing for compliance with them may not be. Security testing is very much a matter of looking for unexpected side-effects where no one (except hackers or crackers) expects them, which requires detailed technical knowledge and plenty of “error-guessing”. For some reason, all this is called “penetration testing” in a security context.
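As an added illustration (not from the original post), the following Python turns the one-line requirement above into two kinds of tests: the cases a customer would derive directly from the sentence, and the error-guessing cases a security tester adds because the backend may resolve a request path differently from how the access check reads it. The resource paths, roles and both checkers are constructed for this example and belong to no real application.

```python
"""Added example: testing "no unauthorized access shall be possible".

Everything here is constructed for illustration: a protected resource tree
under /admin, a naive checker that applies the rule to the raw request path,
and a hardened checker that applies it to the canonical path the backend
would actually serve.
"""
from urllib.parse import unquote
import posixpath

PROTECTED_ROOT = "/admin"  # constructed: only role 'admin' may read it


def is_protected(path: str) -> bool:
    """True if a (already canonical) path lies in the protected tree."""
    return path == PROTECTED_ROOT or path.startswith(PROTECTED_ROOT + "/")


def naive_is_allowed(role: str, path: str) -> bool:
    """Literal reading of the requirement: compares the raw request path."""
    if is_protected(path):
        return role == "admin"
    return True


def canonicalize(path: str) -> str:
    """Resolve the path the way the constructed backend router does:
    decode percent-encoding twice (to catch double encoding), collapse
    '.', '..' and repeated slashes, and lower-case (the constructed
    backend matches paths case-insensitively)."""
    decoded = unquote(unquote(path))
    normalized = posixpath.normpath("/" + decoded.lstrip("/"))
    return normalized.lower()


def hardened_is_allowed(role: str, path: str) -> bool:
    """Same rule, applied to what the backend will really serve."""
    if is_protected(canonicalize(path)):
        return role == "admin"
    return True


# Tests a customer would write straight from the requirement sentence.
REQUIREMENT_CASES = [
    ("admin", "/admin/users", True),
    ("user", "/admin/users", False),
    ("user", "/public/index", True),
]

# Error-guessing tests: constructed variants of the same forbidden request
# that a router may resolve to /admin/users. These are the "unexpected
# side-effects" the post talks about.
ERROR_GUESSING_CASES = [
    ("user", "/Admin/users", False),               # case variation
    ("user", "//admin/users", False),              # duplicate slash
    ("user", "/public/../admin/users", False),     # dot-dot segment
    ("user", "/%61dmin/users", False),             # percent-encoded 'a'
    ("user", "/%2561dmin/users", False),           # double-encoded 'a'
]


def run_cases(checker, cases):
    """Return the (role, path) inputs on which the checker's verdict
    differs from the expected one; an empty list means all cases pass."""
    return [(role, path) for role, path, expected in cases
            if checker(role, path) != expected]


def naive_failures():
    """The literal checker passes the requirement cases but not the
    error-guessing ones."""
    return run_cases(naive_is_allowed, REQUIREMENT_CASES + ERROR_GUESSING_CASES)


def hardened_failures():
    """The canonicalizing checker passes both sets."""
    return run_cases(hardened_is_allowed, REQUIREMENT_CASES + ERROR_GUESSING_CASES)


if __name__ == "__main__":
    print("naive checker, requirement cases failed:",
          run_cases(naive_is_allowed, REQUIREMENT_CASES))
    print("naive checker, error-guessing cases failed:",
          run_cases(naive_is_allowed, ERROR_GUESSING_CASES))
    print("hardened checker, all cases failed:", hardened_failures())
```

The point of the two lists is the one the post makes: the requirement-level tests alone give the naive checker a clean pass, and only the error-guessing cases, which need knowledge of how the router normalizes paths, show that "no unauthorized access" is not actually met. The fix is not a new requirement but a check that sees the same canonical path the backend does.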
Will ask Guruji more about this later.