This Article 
 Bibliographic References 
 Add to: 
Developing and Retaining a Security Testing Mindset
September/October 2008 (vol. 6 no. 5)
pp. 82-85
Edward Bonver, Symantec
Michael Cohen, Cigital
Developing a security testing mindset is a hard task. Moreover, as hard as it is to develop it, it's just as hard to retain it and effectively apply it during testing. The authors discuss what it takes to conduct successful software security testing, primarily by describing how to develop a security testing mindset, retain it, and effectively apply it. In particular, they explore the different roles and processes an organization needs to maintain a high level of security assurance.

1. G. McGraw, Software Security: Building Security In, Addison-Wesley, 2006.
2. S. Smith and J. Marchesini, The Craft of System Security, Addison-Wesley, 2007.
3. C. Wysopal et al., The Art of Software Security Testing: Identifying Software Security Flaws, Addison-Wesley, 2006.
4. M. Dowd, J. McDonald, and J. Schuh, The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities, Addison-Wesley, 2006.
5. G. Peterson and J. Steven, "Defining Misuse within the Development Process," IEEE Security &Privacy, vol. 4, no. 6, 2006, pp. 81–84.
6. F. Swiderski and W. Snyder, Threat Modeling, Microsoft Press, 2004.
7. M. Howard and S. Lipner, The Security Development Lifecycle, Microsoft Press, 2006.

Index Terms:
Building security in, testing, software development life cycle
Edward Bonver, Michael Cohen, "Developing and Retaining a Security Testing Mindset," IEEE Security & Privacy, vol. 6, no. 5, pp. 82-85, Sept.-Oct. 2008, doi:10.1109/MSP.2008.115
Usage of this product signifies your acceptance of the Terms of Use.