Re: Re: Essential CGI Security Practices

I'd like to add Subsection 1 to Peer Review. This section would be called QA.

QA - Put your code into a replication of your production environment and get a dedicated QA person to go thru' your application as if it was live on the web. A skilled QA person is a seriously good weapon to have in your arsonal.

While youre there you may as well set up a dedicated UAT to test your application as well. Keep in mind you shouldnt tell your QA 'guy' about how or what your app does as this may influence the nature of their testing.

Comment on Re: Re: Essential CGI Security Practices

Replies are listed 'Best First'.
Re: Re: Re: Essential CGI Security Practices by belg4mit (Prior) on Feb 02, 2002 at 23:13 UTC
As much as I hate working with QA; partially because where I worked they often served as HCI/UI/HF, (not so) clearly when something is in testing is not the best time to redesign it; I'll have to ++. `-- perl -pe "s/\b;([st])/'\1/mg"`	[reply]