Sunday, August 27, 2006

White Box security testing

Interesting article on white box security testing and automated testing tools at Dr Dobbs Portal.

"Whitebox testing is notoriously difficult to do. Without automatic code scanning tools, scanning the source code requires a keen eye, concentration and an enormous amount of time to scan each line for security vulnerabilities. As intruders become more sophisticated at finding security vulnerabilities and writing exploitative code, it becomes more necessary to take every precaution before shipping software.These precautions can range from security training throughout the security development lifecycle (SDLC) to using tools such as source code scanners and vulnerability scanners. "

The article covers:

State of the Field
Security Exposure
When to Use Static Analysis Tools
Good Attributes to Watch Out For

For services for software security testing of applications, systems or infrastructure.