Software Testing
When All You Have is a Hammer…
We’ve probably all experienced organizations that rely principally on a single assessment technique (whether it be static or dynamic, manual or tool-based). Unfortunately, this is all too common for security practices. When this topic came up recently with the question (paraphrased), “Are there numbers that demonstrate the value of a security program making use of [...]
Automate security tests and build security in from day one
Or: The ugly baby phenomenon and why you should not focus on false positives
Dr. Markus Schumacher has served as CEO and Co-Founder of Virtual Forge GmbH since 2006. The company specializes in the security of SAP applications. Dr. Schumacher was previously a representative of the Fraunhofer Institute for Secure Information Technology (SIT) and worked [...]
Is Penetration Testing Security Testing?
Some people start “Security Testing” by buying and using a pen-test tool on a project. Such tools uncover security vulnerabilities (though they seldom help with root cause analysis or even obtaining double-digit code coverage). These tools are degenerate, at best, in facilitating a security testing strategy. Why? Because these tools are “black box” tools. What are [...]
How do companies address security testing?
An organization can say they’re successfully conducting security testing when 1) they can trace test cases back to security requirements that embody the application’s ability to resist viable attacks that would cause the business to suffer impact to its mission and 2) they enter security bugs in their bug-tracking software. They must then prioritize and [...]