Security Basics mailing list archives

Re: Why Security testing is required


From: Rishi Pande <rpande () vt edu>
Date: Fri, 20 Feb 2004 18:02:48 -0500

I think the greater reason for security is not what is going to happen to your software (at most it may crash), but what problem the software you built introduces in other software or the system it is running on. Using an example, if you build an insecure web application running on a *secure* box, you have introduced a way for an attacker to take over the system. Because a computer is nothing but a bunch of software and hardware operating together, the only way to assure that the entire box is safe is by making sure that each individual component (software or hardware) is safe. The main goal of software testing is to ensure that the component is secure, to my mind.
 Hope this helps.
                        Rishi Pande

On Feb 19, 2004, at 9:07 PM, Matt Lyon wrote:




Hi List,

As a non-technical person I want to know why security testing is required when all security systems like Firewall, IDS and content management are in place.

This is a very basic question but I want to know answers from different
users' points of view, like:

1.      system Administrator
2.      system Manager
3.      User
4.      CEO of the company

Thanks in advance.

NKP


Because you can't assume the infallibility of those systems. An employee could introduce a hole and not know it, thus leaving your whole system vulnerable.

IMHO the hardest part of keeping a network secure is limiting the human factor.







