Access Restriction

Source CiteSeerX
Content type Text
File Format PDF
Subject Domain (in DDC) Computer science, information & general works ♦ Data processing & computer science
Abstract Typical scenario looks like this – Customer calls and asks for a test – 2-3 weeks prior to product going “live” – Security test required by auditors – Want to ensure “hackers can’t get in” – How secure are we? What problems do you see here? Copyright © 2007 KRvW Associates, LLCThe problem Too many organizations have either: – Neglected security testing entirely – Assumed (incorrectly) their QA testing will catch security issues – Adopted a late-cycle penetration test process as their sole security test When you ask the wrong questions, you won’t get the answers you need! Copyright © 2007 KRvW Associates, LLCSecurity testing is different Security focus should primarily be on nonfunctional aspects of the software – Not just focused on what the software can or should do – Active deception of software intent – Need to test every aspect of app QA team often has a tough time “thinking like an attacker” Copyright © 2007 KRvW Associates, LLCUninformed “black box ” testing Advantages – Unencumbered by prejudices of how things “should” behave – Accurately emulates what an outsider might find – Can be inexpensive and quick
Educational Role Student ♦ Teacher
Age Range above 22 year
Educational Use Research
Education Level UG and PG ♦ Career/Technical Study