Alan Crouch addresses the question most commonly raised by those who are new to security testing: "How does security testing fit in my QA process?" Alan explains that security testing shouldn't be limited to the QA process, but instead should be applied throughout the entire software development lifecycle. Read this FAQ column for suggestions on how to improve your chances for success in catching security issues.

The loudest voice in the room might push for a stable, predictable, repeatable test process that defines itself up front, but each build is different. An adaptive, flexible approach could provide better testing in less time with less cost, more coverage, and less waste.

Developing software for mobile apps requires a different mindset from developing for computers. Some concepts transfer directly, but there are many device-related challenges managers must overcome. In part one of this two-part series on mobile challenges, Jonathan Kohl addresses some of the project factors managers should take into account during mobile application development.

Risk-based testing allows project teams to focus their limited test efforts on the areas of the product that really matter, based on the likelihood of bugs in those areas and the impact of bugs should they exist. By using risk priority to sequence test cases and allocate test effort, test teams can also increase their chances of finding bugs in priority order and allow for risk-based test triage if necessary.