Secure Coding mailing list archives
Re: Security Test Cases for Testing
From: "Kenneth R. van Wyk" <Ken () KRvW com>
Date: Fri, 19 Dec 2003 15:27:39 +0000
On Wednesday 17 December 2003 20:12, Gene Spafford wrote:
> We label too many surprises as security problems. The fact that we are employing ill-designed software in the first place is the security problem.

I couldn't agree more. The initial posting in this thread presumed that all testing is done during/after the implementation, however. What about "testing" during design? Naturally, testing during the design--and I'm including requirements & specifications phases here in a broad sense--is going to be very different than running tools that detect SQL insertion, XSS, buffer overruns, etc., in source code. I've seen some design-time testing methodologies and tools (e.g., formal methods for proving safety-critical designs against logic flaws), but it's certainly an area that isn't as practiced as implementation-time testing.

Cheers,

Ken van Wyk