It almost doesn't matter that you aren't *required* to use a single sign-on; the option is simply dangerous. This is especially true when there are various levels of security expectation associated with the various platforms.
The typical user should not have to do security research before deciding how to sign in to their new PC. This is similar to the security lesson learned by Twitter, for example... it might be a bad idea to link accounts directly, but maybe it's OK to associate them with limited permissions as granted by the user at the time of association.
What software/application you are working on can really change the equation, just as it does for the application developer, but here is a short list of software and skills I use in testing a publicly available web application. I'm sure I'm missing things, just a quick list...
Tests are written in Java.
TestNG for managing what gets tested and defining the data providers
Jenkins for continuous integration and scheduled testing
Selenium to drive the web app (a proxy that gives us pretty darned complete access to a web page)
SQL most often from the Java code, but sometimes manually in a SQL Query client to verify data.
Linux - general knowledge to help track down the source of problems on occasion. We don't like to throw "dumb" reports back to the devs.
Apache/Tomcat - we write log parsers to verify some activities, and sometimes just tail/grep them in narrowing down the cause of a bug.
And of course we manually test, too. But, damn, is that boring...:)
I'm a QA engineer and I *do* consider the app developers to be evil, lazy and malicious. Well, not really, I just agree that I should assume so for testing purposes since they are humans. Also, in response to the parent comment, I'm REALLY glad that we work in parallel and directly with app developers. It gives them *and* us a tremendous advantage.
Whatever we do, we shouldn't fight him. Triangle man kills person man. Leave this to universe man. stupid comment, powered by "they might be giants"