38 | Testing security
People are now spending more money on getting code
right in the first place than they are on proving it’s wrong.
However, this doesn’t signal the end of the road for
penetration testing, nor should it, but it does change things.
Rather than being a standalone ‘product’, it’s going to be
more like a product feature. Penetration testing is going to
cease being an end unto itself and re-emerge as part of a
more comprehensive security solution.
companies both made web application penetration testing products. IBM and HP spent serious money for these companies – not crazy dotcom prices, but even at HP and IBM you have to tell a good story before you get to spend upwards of seventy million dollars. The good story was that the acquired technology would work together with other products and services to fuel a broad entrée into a rapidly-growing software security market. It takes a little while to digest any acquisition, but by now it’s been long enough. 2009 will be the year this strategy comes together, and when we look back, it will be the year when most of the world began thinking about penetration testing as part of a larger offering.

There will always be boutique security consulting companies with funny names and exotic services, but the industry will grow by integrating security yin and yang. If you’d like a sneak preview of what the future holds, check out the work White Hat Security has done to integrate their vulnerability measurement service with Web application firewalls. This is attack and defence working together in a creative new way.

Evolve or die

More than ever before, people understand the software security challenge, and penetration testing deserves credit for helping spread the word. But knowing a security problem exists is not the same as knowing how to fix it. In other words, penetration testing is good for finding the problem but doesn’t help in finding the solution – and that’s why it must take a long hard look at itself and then make a change. Just like the venerable spell checker, it’s going to die and come back in a less distinct but more pervasive form and I, for one, can’t wait.

Brian Chess
Chief Scientist
Fortify Software
www.fortify.com
T.E.S.T | March 09