This document discusses the challenges of security testing and how development-driven security testing can help address them. It outlines three main reasons security testing is difficult: large scope, difficulty hooking tests into code, and the halting problem. It then demonstrates how tools like Freud and PowerMock can help security testers iterate over code, write tests for unsafe calls and missing implementations, find code that calls dangerous APIs to fuzz, and test for forbidden parameters. These techniques address problems that regular testing can miss due to unintended behaviors. When security testers work with developers using techniques like these, security testing can be more comprehensive.