Issue No.01 - January-February (2005 vol.3)
Brad Arkin , Symantec
Scott Stender , Information Security Partners
Gary McGraw , Cigital
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MSP.2005.23
Quality assurance and testing organizations are tasked with the broad objective of assuring that a software application fulfills its functional business requirements. Such testing most often involves running a series of dynamic functional tests, to ensure proper implementation of the application?s features. However, because security is not a feature or even a set of features, security testing doesn't directly fit into this paradigm.
security testing, penetration testing, software development life cycle
Brad Arkin, Scott Stender, Gary McGraw, "Software Penetration Testing", IEEE Security & Privacy, vol.3, no. 1, pp. 84-87, January-February 2005, doi:10.1109/MSP.2005.23