Down the Rabbithole Podcast | Security Compass Labs

About Security Compass

Security Compass is an industry-leading information security consulting firm, specializing in secure software development and training.

To request additional information about Security Compass and get started on your strategic security solutions:
Learn more Contact us
About SD Elements

SD Elements makes securing software easier while building compliance into your application.

To learn more, visit our website.
Categories
- Android
- Apple
- Application Security
- Compliance
- Conferences
- Events
- Featured
- Guest Post
- Management
- Mobile Security
- podcast
- SD Elements
- Security Frameworks
- Training
- Tutorials
- Uncategorized
- Videos
- Whitepapers
- Wireless Security
Tags
android hacking, iOS hacking, mobile training, pci, requirements, agile, course, free, isc2, linkedin, pci-dss, compliance, pci compliance, whitepaper, mobile hacking, mobile security, pci training, owasp training, regulatory, tailored training, quality, rsa, apple, safety, exploit-me, sector, toorcon, phishing, video, malware, jsf, banking, mobile, research, case study, culture, xss, sd elements, android, sdlc, training, tutorial, mobilesec, owasp, appsec
@SecurityCompass
- Security Compass Launches "NFC Village" Hands-On Hacking Lab for North American Information Security Conferences http://t.co/vArwNk3YRE - posted 10 hours ago
- 6 Hot Cloud Apps to Boost Your IT Department’s Efficiency and Productivity | SD Elements Blog - Application Security http://t.co/jpHIfPCNjB - posted 1 day ago
- How Security Compass 'stole' $14 million from a bank. CNN Money: http://t.co/K926OvwcZ6 - posted 1 week ago
- Hey developers - we're hiring! Why you should work with us: http://t.co/XlPFNiViMi Job postings: http://t.co/Cj0t7dRMem - posted 1 week ago

Down the Rabbithole Podcast

posted on Oct 12, 2011 by Rohit Sethi Comments:

Comments:

0

I had the privilege of sitting down with Rafal Los & Glenn Leifheit at OWASP AppSecUSA 2011 in Minneapolis to talk about how we can embed security in QA. Raf was nice enough to record our conversation on his popular Podcast series, Down the Rabbithole.

We are big fans of finding practical, repeatable ways to build a subset of security testing into QA. We like to delineate between the easily repeatable stuff (“does your cookie have the secure flag set?”) from the kinds of domain-specific or obscure attacks that require years of penetration testing experience. The former can belong to QA, while the latter belongs to pen testers. We believe in this so strongly that we’ve incorporated test instructions and videos on how QA can manually look for basic security issues as part of SD Elements.