csce548-lect9 - CSCE 548 CSCE 548 Secure Software Secure...


CSCE 548 Secure Software Development
Penetration Testing
CSCE 548 - Farkas

Reading
    This lecture: Penetration Testing, McGraw: Chapter 6
    Next lecture: Risk-Based Security Testing, McGraw: Chapter 7

Application of Touchpoints
    Requirement and Use cases; Architecture and Design; Test Plans; Code; Tests and Test Results; Feedback from the Field
    5. Abuse cases
    6. Security Requirements
    2. Risk Analysis
    External Review
    4. Risk-Based Security Tests
    1. Code Review (Tools)
    2. Risk Analysis
    3. Penetration Testing
    7. Security Operations

Software Testing
    Application fulfills functional requirements
    Dynamic, functional tests late in the SDLC
    Contextual information

Security Testing
    Look for unexpected but intentional misuse of the system
    Must test for all potential misuse types using
        Architectural risk analysis results
        Abuse cases
    Verify that...