
Security Testing Methodology

Printed From: One Stop Testing
Category: Types Of Software Testing @ OneStopTesting
Forum Name: Security Testing @ OneStopTesting
Forum Description: Discuss All that needs to be known about Security Testing, All Security Issues and its Tools.
URL: http://forum.onestoptesting.com/forum_posts.asp?TID=2715
Printed Date: 08Jul2024 at 4:51am


Topic: Security Testing Methodology
Posted By: tanushree
Subject: Security Testing Methodology
Date Posted: 08Oct2007 at 12:17am
Why do we need a security testing methodology? And why open source?

Without a security testing methodology, the actual test tends to be all over the place. One tester actually described this once to me as his test being "a mess" without it. The real answer is that a methodology is required to test anything thoroughly. As humans, we take short-cuts. We assume we know an answer or we know what's going on because of past experiences and we cut to the chase because time is money and all that.

However, when that happens, we leave many unverified (unanswered) questions and report our assumptions as if they were facts. A good security methodology does not let you do that. A good open source methodology means that many, many people don't let you do that. The open source concept actually means that anyone can contribute the ideas for thoroughness and it's not just up to one person, one group, or one authority. While not quite meritocratic as a meritocracy implies, we follow the person with more "wins." In other words, we are democratic as democracy works better for principles and ideas than facts. It is a successful peer review where our reviewers need to show how they got their answers.
