Testing security | 37
Why the need to evolve?

I believe it to be universally true that if you’re not paying attention to security, then you have security problems, and for this very reason penetration testing has been able to firmly establish its position in software security. Historically, many organisations have written code that they recognise will be insecure and, once it is complete, their first action is to deploy penetration testing to prove this premise, paying for the privilege! Am I the only one to see the futility of this exercise? Not anymore.

I was not surprised that every one of the programmes we talked to back in 2008 practised penetration testing (most using external firms) at one time or another. After all, there's nothing like a smoking hot pen testing report to get an organisation to admit it has a problem. However, as activities earlier in the SDLC are adopted, penetration testing begins to lose some of its lustre. We found evidence that the role of penetration testing lessens (but does not go to zero) as an organisation gets a handle on the software security problem.

So here’s the eureka moment: as organisations get better at software security in the first instance, their emphasis on penetration testing to look for the holes that they know exist diminishes.

Pen testing will get wrapped into a much larger and far more comprehensive approach to improving security. The best initiatives balance the yin and the yang of attack and defence.

2008 saw us pass an inflection point.

People are now spending more money on getting code right in the first place than they are on proving it’s wrong. However, this doesn’t signal the end of the road for penetration testing, nor should it, but it does change things. Rather than being a standalone ‘product’, it’s going to be more like a product feature. Penetration testing is going to cease being an end unto itself and re-emerge as part of a more comprehensive security solution.

This kind of thing happens all the time in high-tech. The first PC spell checkers were standalone programs, but the market for standalone spell checkers died when they became a standard part of any word processor. These days spell checkers are everywhere (even in my IDE), but there is no market for a standalone spell checker. Proof positive: there aren’t even any Web 2.0 or iPhone spell checker startups!

So why now?

Alright, so why 2009? The time is right because back in 2007, IBM bought a company named WatchFire and HP bought a company named SPI Dynamics. The acquired
T.E.S.T | March 09