http://www.cigital.com/justiceleague/2008/03/31/how-do-companies-address-security-testing/ The Cigital Software Security and Quality Blog Thu, 24 Jul 2008 01:44:49 +0000 http://wordpress.org/?v=2.0.11 http://www.cigital.com/justiceleague/2008/03/31/how-do-companies-address-security-testing/#comment-7636 Wed, 09 Apr 2008 14:47:55 +0000 http://www.cigital.com/justiceleague/2008/03/31/how-do-companies-address-security-testing/#comment-7636 [...] Because black box tools to a large extent run canned tests they will not satisfy my security testing goal (see previous entry) of having run tests that one traces back to requirements. ‘Requirements that one created as a result of doing risk analysis that determines exactly what behaviors (and their impacts) should be avoided were the software attacked. [...] […] Because black box tools to a large extent run canned tests they will not satisfy my security testing goal (see previous entry) of having run tests that one traces back to requirements. ‘Requirements that one created as a result of doing risk analysis that determines exactly what behaviors (and their impacts) should be avoided were the software attacked. […]

]]>