[WEB SECURITY] Security test case automation

Martin O'Neal martin.oneal at corsaire.com
Thu Jan 23 10:44:19 EST 2014

> are there any tools/frameworks available for us to achieve this?

Like many situations in life, it's really not about the tool, it's what you do with it. ;)

My experience of being a roaming consultant and visiting dozens of corporate development environments, is that most people that simply buy a tool, do so as an investment in shelfware. Great for the tool vendor (hey, no support costs!) but bad for whoever is looking to get some value out of the investment.

A better approach tends to be a package of education, process reforms, and a deeper understanding of which parts of the process should be owned internally, and which should be outsourced.

This is all just my opinion of course. And I'm sure that whatever tool you buy will look wonderful on your shelf, alongside a photo of your kids. ;)



More information about the websecurity mailing list