10.3. The Trouble with Security Testing

Security testing is difficult. The sheer number of techniques and tools needed to test the security of a web application is overwhelming. As with the other testing disciplines we have discussed, we urge you to test for security from day one of the application life cycle and to treat security as a feature. The most difficult part of treating security as a feature of your web application is finding the potential security problems in the first place.

10.3.1. Knowledge Transfer

Developers are a stubborn group of people. Many developers I know will not ask for help when they encounter an issue; they would rather research the problem for hours and figure it out themselves. The fact that many developers seclude themselves and are unwilling to ask for help is detrimental to the development community, and especially so in the security world. I feel that knowledge is best shared in a group of people, where multiple people can voice their opinions.

There is also the mindset of experts who are unwilling to share information, for fear of losing their job or of no longer being the only one who can accomplish a particular task. This is common in the security-testing world, where many security experts are unwilling to share the "Tricks of the Trade."

There are many movements, such as ALT.NET, agile software practices, software craftsmanship, and the .NET user groups in the Microsoft Heartland district, that help combat this issue by fostering safe ...
