posted 8 years ago
I don't think I'd refer to that as penetration testing, but after every sprint, I would strongly recommend adding in a variety of security testing to whatever other testing you are doing. Anomaly testing is really good. Boundary testing in a serious way, rather than just testing the programmer's assumptions. Input validation. Lots and lots of input validation, including using anomaly testing.
Ric
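An added example, not part of the post above: a small per-sprint check that runs boundary and anomaly inputs against an input validator, showing what a validator built on the programmer's assumptions lets through. The TCP port field, both parser functions and the case list are hypothetical and constructed for illustration.

```python
import re

# Constructed cases: (input text, should the validator accept it?)
CASES = [
    # Boundary values on both sides of the valid range 1..65535
    ("1", True), ("65535", True), ("8080", True),
    ("0", False), ("65536", False), ("-1", False),
    # Anomalies: inputs the programmer did not have in mind
    ("", False), (" 80", False), ("80\n", False), ("+80", False),
    ("8_0", False), ("\u0668\u0660", False),  # Arabic-Indic digits "80"
    ("0x50", False), ("80.0", False), ("9" * 400, False),
]

def parse_port_naive(text):
    """Assumption-driven validator: relies on int() to reject bad input."""
    value = int(text)  # int() tolerates whitespace, '+', '_' and Unicode digits
    if not 1 <= value <= 65535:
        raise ValueError("port out of range")
    return value

_PORT_RE = re.compile(r"[1-9][0-9]{0,4}")  # canonical ASCII decimal only

def parse_port_strict(text):
    """Allow-list validator: check the exact form first, then the range."""
    if not isinstance(text, str) or not _PORT_RE.fullmatch(text):
        raise ValueError("not a canonical decimal port")
    value = int(text)
    if value > 65535:
        raise ValueError("port out of range")
    return value

def mismatches(parser, cases=CASES):
    """Return the inputs where the parser's accept/reject decision is wrong."""
    bad = []
    for text, should_accept in cases:
        try:
            parser(text)
            accepted = True
        except ValueError:
            accepted = False
        if accepted != should_accept:
            bad.append(text)
    return bad

if __name__ == "__main__":
    print("naive  accepts wrongly:", mismatches(parse_port_naive))
    print("strict accepts wrongly:", mismatches(parse_port_strict))
```

The naive parser passes every boundary case and fails only on the anomaly cases, which is why range checks alone do not cover input validation.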