The most important question you have to answer is: What are we trying to accomplish here? Do you need an all-out assessment so you can sleep at night knowing your customers have gotten the most secure application from your team? Or, are you trying to meet some basic minimum security standards from a customer, business partner, or regulatory body such as those mandated by the PCI Standards Council?
The main areas to test center around user access, data input, and system configuration. Look at all of these areas from the perspectives of both untrusted outsiders (without authentication) and trusted insiders (with authentication). A combination of good vulnerability scanners, source code analyzers, and manual analysis across these main areas will serve to uncover the security flaws that matter in your environment - especially if you already have a documented set of requirements and standards upon which the application was built.