Here’s a new piece I wrote for SearchSoftwareQuality.com where I talk about the lifecycle of testing for Web security flaws. From obtaining buy-in to reporting to the stakeholders, it’s a process you need to master.
Security testing best practices for today’s Web 2.0 applications