Issue No. 01 - January-February (2005 vol. 3)
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MSP.2005.23
Brad Arkin, Symantec
Scott Stender, Information Security Partners
Gary McGraw, Cigital
Quality assurance and testing organizations are tasked with the broad objective of assuring that a software application fulfills its functional business requirements. Such testing most often involves running a series of dynamic functional tests to ensure proper implementation of the application's features. However, because security is not a feature or even a set of features, security testing doesn't directly fit into this paradigm.
security testing, penetration testing, software development life cycle
G. McGraw, S. Stender and B. Arkin, "Software Penetration Testing," in IEEE Security & Privacy, vol. 3, no. 1, pp. 84-87, 2005.