Topic: Security Testing Methodology

Message

   Why do we need a security testing methodology? And why open source?

																Without a security testing methodology, the actual test tends to be all over the place. One tester
																actually described this once to me as his test being "a mess" without
																it. The real answer is that a methodology is required to test anything
																thoroughly. As humans, we take short-cuts. We assume we know an answer or we
																know what's going on because of past experiences and we cut to the chase
																because time is money and all that.

	However, when that happens, we leave many
																unverified (unanswered) questions and report our assumptions as if they were
																facts. A good security methodology does not let you do that. A good open source
																methodology means that many many people don't let you do that. The open source
																concept actually means that anyone can contribute the ideas for thoroughness
																and it's not just up to one person, one group, or one authority. While not
																quite meritocratic as a meritocracy implies, we follow the person with more
																"wins." In other words, we are democratic as democracy works better
																for principles and ideas than facts. It is a successful peer review where our
																reviewers need to show how they got their answers.

Author	Message
tanushree Senior Member Joined: 04Apr2007 Online Status: Offline Posts: 2160	Topic: Security Testing Methodology Posted: 08Oct2007 at 12:17am
	Why do we need a security testing methodology? And why open source? Without a security testing methodology, the actual test tends to be all over the place. One tester actually described this once to me as his test being "a mess" without it. The real answer is that a methodology is required to test anything thoroughly. As humans, we take short-cuts. We assume we know an answer or we know what's going on because of past experiences and we cut to the chase because time is money and all that. However, when that happens, we leave many unverified (unanswered) questions and report our assumptions as if they were facts. A good security methodology does not let you do that. A good open source methodology means that many many people don't let you do that. The open source concept actually means that anyone can contribute the ideas for thoroughness and it's not just up to one person, one group, or one authority. While not quite meritocratic as a meritocracy implies, we follow the person with more "wins." In other words, we are democratic as democracy works better for principles and ideas than facts. It is a successful peer review where our reviewers need to show how they got their answers. Post Resume: Click here to Upload your Resume & Apply for Jobs

	IP Logged


One Stop Testing Forum : Types Of Software Testing @ OneStopTesting : Security Testing @ OneStopTesting