Software Integrity

Archive for April 2008

 

Three new books

There are three new books (recently released) that are worth a look. Once is an absolute necessity for any security practitioner. The others may be interesting for some readers of the blog. The book that you MUST READ RIGHT NOW is the second edition of Ross Anderson’s Security Engineering book. Ross did a complete pass […]

Continue Reading...

Posted in Software Security Testing | Comments Off on Three new books

 

Is pen testing security testing?

Some people start “Security Testing” by buying and using a pen-test tool on project. Such tools uncover security vulnerabilities (though they seldom help with root cause analysis or even obtaining double-digit code coverage). These tools are degenerate, at best, in facilitating a security testing strategy. Why? Because, these tools are “black box” tools. What are […]

Continue Reading...

Posted in Application Security, Penetration Testing | Comments Off on Is pen testing security testing?