moksh
Joined: 31 Aug 2007 Posts: 17
Posted: Fri Aug 31, 2007 7:48 am Post subject: Security Testing Methodology
Without a security testing methodology, the actual test tends to be all over the place. One tester actually described this once to me as his test being "a mess" without it. The real answer is that a methodology is required to test anything thoroughly.
As humans, we take short-cuts. We assume we know an answer or we know what's going on because of past experiences and we cut to the chase because time is money and all that. A good security methodology does not let you do that. A good open source methodology means that many, many people don't let you do that.
The open source concept actually means that anyone can contribute the ideas for thoroughness and it's not just up to one person, one group, or one authority. While not quite meritocratic as a meritocracy implies, we follow the person with more "wins." In other words, we are democratic as democracy works better for principles and ideas than facts.