Issue No. 01 - January-February (2005 vol. 3)
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MSP.2005.23
Gary McGraw , Cigital
Scott Stender , Information Security Partners
Brad Arkin , Symantec
Quality assurance and testing organizations are tasked with the broad objective of assuring that a software application fulfills its functional business requirements. Such testing most often involves running a series of dynamic functional tests, to ensure proper implementation of the application?s features. However, because security is not a feature or even a set of features, security testing doesn't directly fit into this paradigm.
security testing, penetration testing, software development life cycle
Gary McGraw, Scott Stender, Brad Arkin, "Software Penetration Testing", IEEE Security & Privacy, vol. 3, no. , pp. 84-87, January-February 2005, doi:10.1109/MSP.2005.23