Article by James A. Whittaker
When you hear the term penetration testing, you probably envision a lone genius performing arcane tests against some hapless piece of software. And before the renaissance in penetration testing, that was probably a realistic image. Today penetration testing is performed in a far more methodical manner. This is necessary because the Security Development Lifecycle (SDL), and its front-loaded secure design and development focus, is reducing the number of latent defects, making the task of finding vulnerabilities during testing much more difficult. Software security testing is too important to leave to a small group of virtuosos. It must be teachable, methodical, and repeatable so that it can be applied in a wide variety of circumstances.
Subscribe / Bookmark
