Secure Coding mailing list archives
Adapting Penetration Testing for Software Development Purposes
From: weld at vulnwatch.org (Chris Wysopal)
Date: Tue, 23 Jan 2007 09:30:26 -0500 (EST)
Ken,

I enjoyed reading your article. My book "The Art of Software Security Testing" is based on the concept of using penetration techniques as part of the development lifecycle and is specifically targeted at QA professionals. One of my co-authors, Elfriede Dustin, has written 5 QA books and assured that the book was accessible to that audience.

There are some free chapters of the book available:

Chapter 3: The Secure Software Development Lifecycle
http://www.devsource.com/article2/0,1895,2055988,00.asp

Chapter 4: Risk-Based Security Testing: Prioritizing Security Testing with Threat Modeling
http://www.prnewswire.com/mnr/veracode/26386/docs/Wysopal_Rev-Chapter%2004.pdf

Chapter 5: Shades of Analysis: White, Gray, and Black Box Testing
http://computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=9006870&taxonomyId=17&intsrc=kc_feat

Cheers,
Chris

On Mon, 22 Jan 2007, Kenneth Van Wyk wrote:
Greetings SC-L folk,

FYI, there's been a wave of new content added to the DHS-funded software security portal, Build Security In (home URL is http://BuildSecurityIn.us-cert.gov). Most recently, a couple of articles about penetration testing and tools were added (see https://buildsecurityin.us-cert.gov/daisy/bsi/articles/best-practices/penetration/655.html?branch=1&language=1).

(Full disclosure: I'm the author of the pen testing articles, but don't let that stop you from grabbing them. ;-)

All of the articles on the BSI portal are free.

Cheers,
Ken

-----
Kenneth R. van Wyk
SC-L Moderator
KRvW Associates, LLC
http://www.KRvW.com