
Software Penetration Testing

Penetration testing of software is most effective when integrated throughout the development process, not as a late stage "time boxed" activity. While penetration testing can find vulnerabilities, it is limited if security is not considered from the start. To fully assure software fulfills requirements, dynamic functional testing should be used along with following best security practices from initial design through implementation.

Uploaded by

Siva Ajay

Software penetration testing

B. Arkin ; S. Stender ; G. McGraw


Published in: IEEE Security & Privacy (Volume: 3, Issue: 1, Jan.-Feb. 2005)
Page(s): 84 - 87
Date of Publication: 14 February 2005 
Print ISSN: 1540-7993
Sivanandha
TP038986
UC3F1702 IT(ISS)
Abstract:
• Assuring that a software application fulfills its functional business requirements.
• Dynamic functional tests to ensure proper implementation of the application's features.
Introduction
• Penetration testing is the most commonly applied of all software security best practices, in part because it's an attractive late lifecycle activity.
Limitation

• The limitation of this approach is that it almost always represents a too-little, too-late attempt to tackle security at the end of the development cycle.
• Security consultants typically perform assessments like this in a "time boxed" manner.
CAUSE

• When organizations fail to integrate security through the development process, their software suffers from systemic faults both at the design level and in the implementation.
