From: Nathan Catlow (nsc qsf.demon.co.uk)
Date: Wed Jan 16 2002 - 13:33:43 CST
>
> The black box is useful not to contaminate the testers' minds with design
> approaches. There is a need to have both teams.
>
I think there needs to be a definite distinction between 'source code audit'
and 'testing'. I agree that it may not be appropriate for testers to audit
source code, but testers should have access to parts of the source code for
the reasons stated in my previous mail.
That is, of course, if you 'can' access the source; at times there may only
be binaries provided by third parties.
I'm confident that checking a line or two of php/asp/whatever to double check
a possible SQL injection issue would not result in a sudden inability to think
laterally.
IMHO anyway.
regards,
Nathan.