Issue No.01 - January-February (2005 vol.3)
Herbert H. Thompson , Security Innovation
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MSP.2005.3
Seemingly insignificant issues in applicaitons, from a quality assurance perspective, can turn out to be gaping security holes. Yet, these severe security issues often don't fit the model of traditional functional flaws. Often, testers and developers just fail to notice the side-effects of applicaiton choices, which typical software quality assurance procedures aren?t well suited to exposing. Security bugs' hidden nature requires specific, focused application-security testing techniques that defy the traditional model of verifying application specifications and instead identify the unspecified and insecure side-effects of "correct" application functionality. This installment of Basic Training examines application penetration testing--software testing that?s specifically designed to hunt down security vulnerabilities.
security vulnerabilities, software testing, security flaws, QA
Herbert H. Thompson, "Application Penetration Testing", IEEE Security & Privacy, vol.3, no. 1, pp. 66-69, January-February 2005, doi:10.1109/MSP.2005.3