The Artima Developer Community

.NET Buzz Forum
Article on Penetration Testing

Robert Hurlbut


Robert Hurlbut is a Principal Consultant with Hurlbut Consulting
Article on Penetration Testing Posted: Dec 10, 2004 1:13 PM

This post originated from an RSS feed registered with .NET Buzz by Robert Hurlbut.
Original Post: Article on Penetration Testing
Feed Title: Robert Hurlbut's .Net Blog
Feed URL: http://www.asp.net/err404.htm?aspxerrorpath=/rhurlbut/Rss.aspx
Feed Description: Development with .Net, Rotor, Distributed Architectures, Security, Extreme Programming, and Databases

[By way of Valery Pryamikov]

Gary McGraw writes today in sc-l mailing list:

The sixth article in my IEEE Security & Privacy magazine series called "Building Security In" is on Penetration Testing. This article was co-authored by Brad Arkin (symantec) and Scott Stender. As a service to the community, we're making advance copies available here:

http://www.cigital.com/papers/download/bsi6-pentest.pdf

I am sure many of you already subscribe to S&P. If you don't yet, you should...check out http://www.computer.org/security/

Previous articles in the series:

http://www.cigital.com/papers/download/bsi5-static.pdf
http://www.cigital.com/papers/download/misuse-bp.pdf
http://www.cigital.com/papers/download/risk-analysis.pdf
http://www.cigital.com/papers/download/j2oth-qxd.pdf
http://www.cigital.com/papers/download/software-security-gem.pdf

And, Dana Epp cites the same article and a part that really sums up the article:

However, it’s unreasonable to verify that a negative doesn’t exist by merely enumerating actions with the intention to produce a fault, reporting if and under which circumstances the fault occurs. If "negative" tests don't uncover any faults, we've only proven that no faults occur under particular test conditions; by no means have we proven that no faults exist. When applied to security testing, where the lack of a security vulnerability is the negative we're interested in, this means that passing a software penetration test provides very little assurance that an application is immune to attack. One of the main problems with today's most common approaches to penetration testing is misunderstanding this subtle point.

Timely, and independent of the article, I have submitted a proposal to talk on Penetration Testing with ASP.NET Applications at Code Camp III.
