[SC-L] Adapting Penetration Testing for Software Development Purposes
Chris Wysopal
weld at vulnwatch.org
Tue Jan 23 09:30:26 EST 2007
Ken,
I enjoyed reading your article. My book "The Art of Software
Security Testing" is based on the concept of using penetration techniques
as part of the development lifecycle and is specifically targeted at QA
professionals. One of my co-authors, Elfriede Dustin, has written 5 QA
books and assured that the book was accessible to that audience.
There are some free chapters of the book available:
Chapter 3: The Secure Software Development Lifecycle
http://www.devsource.com/article2/0,1895,2055988,00.asp
Chapter 4: Risk-Based Security Testing: Prioritizing Security Testing with
Threat Modeling
http://www.prnewswire.com/mnr/veracode/26386/docs/Wysopal_Rev-Chapter%2004.pdf
Chapter 5: Shades of Analysis: White, Gray, and Black Box Testing
http://computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=9006870&taxonomyId=17&intsrc=kc_feat
Cheers,
Chris
On Mon, 22 Jan 2007, Kenneth Van Wyk wrote:
> Greetings SC-L folk,
>
> FYI, there's been a wave of new content added to the DHS-funded
> software security portal, Build Security In (home URL is http://
> BuildSecurityIn.us-cert.gov). Most recently, a couple of articles
> about penetration testing and tools were added (see
> https://buildsecurityin.us-cert.gov/daisy/bsi/articles/best-practices/
> penetration/655.html?branch=1&language=1).
>
> (Full disclosure: I'm the author of the pen testing articles, but
> don't let that stop you from grabbing them. ;-)
>
> All of the articles on the BSI portal are free.
>
> Cheers,
>
> Ken
> -----
> Kenneth R. van Wyk
> SC-L Moderator
> KRvW Associates, LLC
> http://www.KRvW.com