Unlike typical penetration testing QA has access to internal documents and insider information giving them advantages to aide in the testing of an application. In addition to documenting customer use cases it s important to begin the process of documenting what an attacker may attempt against your application as well and incorporating these attacker use cases into a security section of your standard test plan.
