Quality assurance testers are an important part of the software development process. But they mostly test for functionality -- does it work with the data I put in? Often times they don't test what happens if one inputs malformed data and tries to break the system. Security should be part of the QA testing process. Often times we get blank stares when we ask companies how they ensure security of their applications. Robert Auger has put up a very basic set of steps to bring security testing into your QA process. It's worth taking a look.