Print Page | Close Window

Why do we need a security testing methodology?

Printed From: One Stop Testing
Category: Types Of Software Testing @ OneStopTesting
Forum Name: Security Testing @ OneStopTesting
Forum Discription: Discuss All that is need to be known about Security Testing, All Security Issues and its Tools.
URL: http://forum.onestoptesting.com/forum_posts.asp?TID=85
Printed Date: 24Dec2024 at 8:16pm


Topic: Why do we need a security testing methodology?
Posted By: Amrita
Subject: Why do we need a security testing methodology?
Date Posted: 17Feb2007 at 9:51am



Why do we need a security testing methodology? And why open source?

         

        Without a security testing methodology, the actual test tends to be all over the place. One tester actually described this once to me as his test being "a mess" without it. The real answer is that a methodology is required to test anything thoroughly. As humans, we take short-cuts. We assume we know an answer or we know what's going on because of past experiences and we cut to the chase because time is money and all that. However, when that happens, we leave many unverified (unanswered) questions and report our assumptions as if they were facts. A good security methodology does not let you do that. A good open source methodology means that many many people don't let you do that. The open source concept actually means that anyone can contribute the ideas for thoroughness and it's not just up to one person, one group, or one authority. While not quite meritocratic as a meritocracy implies, we follow the person with more "wins." In other words, we are democratic as democracy works better for principles and ideas than facts. It is a successful peer review where our reviewers need to show how they got their answers.






Print Page | Close Window