Proper Penetration Testing Is Good

Previous page
Table of content
Next page

Penetration testing is the most commonly applied mechanism used to inject security into the SDLC. Unfortunately, it is the most commonly misapplied mechanism as well. By adjusting penetration testing to account for results uncovered during testing at the unit level, driving outsidein test creation from risk analysis, and driving the results back into an organizations SDLC, many common pitfalls can be avoided. Note that the approach described here is extremely useful and important, but also not very common. Ask lots of hard questions about any particular approach to penetration testing before you put too much credence in it, especially if security consultants are involved.

Don't forget that the real value of penetration testing comes from its central role in vetting configuration and other essential environmental factors. Use penetration testing as a "last check" before code goes live instead of as a "first check" of security posture.

As a measurement tool, penetration testing is most powerful when fully integrated into the development process in such a way that early-lifecycle findings are used to inform testing and that results find their way back into development and deployment practices.



Previous page
Table of content
Next page
Software Security. Building Security In
Software Security: Building Security In
ISBN: 0321356705
EAN: 2147483647
Year: 2004
Pages: 154
Authors: Gary McGraw
BUY ON AMAZON
Crystal Reports 9 on Oracle (Database Professionals)
Lotus Notes and Domino 6 Development (2nd Edition)
Secure Programming Cookbook for C and C++: Recipes for Cryptography, Authentication, Input Validation & More
Junos Cookbook (Cookbooks (OReilly))
Extending and Embedding PHP
Understanding Digital Signal Processing (2nd Edition)
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy