Tag Archive

Risk Management and Security Testing

Published on April 29, 2011 By admin

Software security is about making software behave in the presence of a malicious attack, even though, in the real world, software failures usually happen spontaneously, that is, without intentional mischief. Not surprisingly, standard software testing literature is only concerned with what happens when software fails, regardless of intent. The difference between software safety and software [...]

Risk Management and Security Testing

Published on October 22, 2010 By admin

Software security practitioners perform many different tasks to manage software security risks, such as:

Creating security abuse/misuse cases
Listing normative security requirements (and security features and functions)
Performing architectural risk analysis
Building risk-based security test plans
Wielding static analysis tools
Performing security tests
Performing penetration testing in the final environment
Cleaning up after security breaches

Three of these practices are particularly closely linked: architectural [...]