Security Testing Demystified
May 4, 2007, 9:43 am
http://www.hackingspirits.com/eth-hac/papers/whitepapers.asp
http://www.hackingspirits.com/eth-hac/papers/SecTesting.zip
This article is written in very simple language, so it can be read and understood not only by security testers but also by non-technical managers.
To summarise, this article does not discuss any particular type of attack; rather, it demonstrates a holistic approach to security testing. At a broad level, it covers the following areas:
- Anatomy of Security Testing
  - Understanding the product and its architecture
  - Identifying possible attack vectors
  - Preparation of test cases
  - Vulnerability Research & Discovery
  - Exploitation of vulnerabilities found
  - Compilation of final security testing report
  - Final discussions of bug findings and fixes