• Skip to main content
  • Skip to primary sidebar
  • Skip to footer

DevelopSec

  • Home
  • Podcast
  • Blog
  • Resources
  • About
  • Schedule a Call

qa testing

July 24, 2017 by James Jardine Leave a Comment

MySpace Account Takeover – Take-aways

Have you ever forgotten your password, or lost access to your accounts? I know I have. The process of getting your access back can range from very easy to quite difficult. In one case, I had an account that required that a pin code be physically mailed to me in 7-10 days. Of course, this was a financial account that required extra protections. I came across this article (https://www.wired.com/story/myspace-security-account-takeover/) that identified that MySpace's process for regaining access … [Read more...] about MySpace Account Takeover – Take-aways

Filed Under: News, Take-Aways Tagged With: application security, AppSec, developer, developer security, qa, qa security, qa testing, secure development, security

January 17, 2017 by James Jardine Leave a Comment

Remember Me Features

Tired of constantly logging into your applications? Don't you wish they would just remember you each time you visit, logging you right in? It isn't as always easy to achieve such a status. There are multiple ways remember me can be implemented. Lets take a look at some of them. Remember UserName One of the most common ways for a site to implement the remember me functionality is to remember the username only. The username is typically stored in a cookie on the client's computer. … [Read more...] about Remember Me Features

Filed Under: General Tagged With: application security, AppSec, awareness, design, qa, qa testing, remember me, secure design, secure development, security, testing

July 28, 2016 by James Jardine Leave a Comment

How Serious is Username Enumeration

Looking through Twitter recently, I caught a very interesting stream that started with the following message: What's the deal with the enumeration exclusions on all the @bugcrowd bounties. Clients just don't want to fix?— Stephen Haywood (@averagesecguy) July 26, 2016 There were quite a few replies, and a good discussion on the topic of the seriousness of username enumeration flaws. 140 characters is difficult to share a lot of thoughts, so I thought this would actually be … [Read more...] about How Serious is Username Enumeration

Filed Under: Uncategorized Tagged With: application security, AppSec, bug bounty, enumeration, penetration testing, qa, qa testing, research, secure design, security, username enumeration

October 9, 2015 by James Jardine Leave a Comment

Insufficient Session Expiration: Testing

Insufficient Session Timeout is a security flaw that can mean a few different things. One common finding for this is that the session timeout is set too long. For example, the session is valid after an hour of being idle. Another common finding is when the session is not properly terminated after the user uses the logout/sign out feature. In this post we will cover these two test cases and how to test for them. A.K.A Insufficient Logout Insecure Logout Insufficient Session … [Read more...] about Insufficient Session Expiration: Testing

Filed Under: General Tagged With: insufficient session, log out, logout, qa, qa testing, security testing, session, session expiration, sign out, signout, testing

August 21, 2015 by James Jardine Leave a Comment

Tips for Securing Test Data (Scrubbing?)

An application typically has multiple environments from development through to full production. It is rare to find an application that doesn't use some form of data. Some applications may use just a little data with a very simple database, while others may have very complex database schemas with a lot of data. Developers usually load just enough data to test the features/functions being implemented in the current iteration. Production systems contain actual customer information which may be … [Read more...] about Tips for Securing Test Data (Scrubbing?)

Filed Under: General Tagged With: data, data scrubbing, data storage, production, qa, qa testing, security, security awareness, security testing

May 24, 2015 by James Jardine Leave a Comment

Security for QA Testers: The Importance

Quality Assurance (QA) testing is a critical role for any application that is being developed. The purpose: to identify flaws within the application that effect how the application runs and the users that use it. Typically this has focused on the goal of identifying flaws that prohibited the application functions from performing as expected. When I say expected, I mean that the end user is not able to complete his identified task. Over the past decade there has been a growing focus on the … [Read more...] about Security for QA Testers: The Importance

Filed Under: General Tagged With: bug tracking, flaws, lifecycle, qa, qa awareness, qa testing, security, security testing, security training, software assurance, testing

  • Go to page 1
  • Go to page 2
  • Go to Next Page »

Primary Sidebar

Contact Us:

Contact us today to see how we can help.
Contact Us

Footer

Company Profile

Are you tackling the challenge to integrate security into the development process? Application security can be a complex task and often … Read More... about Home

Resources

Podcasts
DevelopSec
Down the Security Rabbithole (#DTSR)

Blogs
DevelopSec
Jardine Software

Engage With Us

  • Email
  • GitHub
  • Twitter
  • YouTube

Contact Us

DevelopSec
Email: james@developsec.com



Privacy Policy

© Copyright 2018 Developsec · All Rights Reserved