Chapter 9

Testing Commercial off-the-Shelf Systems

In Chapter 8 we looked at a number of ways to conduct security and resilience testing on custom-developed applications when design documentation and source code are available to the testing teams and security experts. When commercial off-the-shelf (COTS) software is used by custom-developed systems or offered as an infrastructure service, you may run into problems when you discover vulnerabilities during preproduction black box testing and penetration testing. In most cases, when problems are found with COTS systems, it’s difficult to identify what to do about them or even determine who to contact.

Chapter Overview

In Chapter 9 we’ll explore some of the problems related to determining the security ...

Get Secure and Resilient Software Development now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.