Chapter 6. Software Penetration Testing[1]

Software Penetration TestingPenetration testingTesting.Penetration testing; Risk-based security testing.Touchpointslist ofpenetration testingParts of this chapter appeared in original form in IEEE Security & Privacy magazine co-authored with Brad Arkin and Scott Stender [Arkin, Stender, and McGraw 2005]

You can’t make an omelet without breaking eggs.


Quality assurance and testing organizations are tasked with the broad objective of ensuring that a software application fulfills its functional business requirements. Such testing most often involves running a series of dynamic functional tests late in the lifecycle to ensure that the application’s features have been properly implemented. Sometimes use cases and requirements drive this testing. But no matter what does the driving, the result is the same—a strong emphasis on features and functions. Because security is not a feature or even a set ...

Get Software Security: Building Security In now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.