Posts Tagged ‘securitytest’

Making sense of pen testing, part one

This is the first in a series of posts looking at the current state of pen testing as I see it and presenting some ideas for the future. In this post I will apply a framework to understanding the process of pen testing.

In the next post here I discuss some of the problems I see in pen testing.

Sensemaking

The pentesting process is a form of expert behaviour similar to intelligence analysis where there has been a lot of work understanding the key components of expert performance; this is often broken down into a process flow as follows:

Gather Information → Represent in Expert Schema → Develop Insight → Define Product or Action
(more…)

How to develop a security test strategy, part one

This is the first of a series of posts describing how to put together a security testing strategy and the associated test plans. Part two is here and part three is here.

What is a security test strategy

A security test strategy is a key document deliverable to get into the master plan for delivery. It sets the expectations for everyone involved and gives the project managers and programme managers the material they need to build and run their own plans. (more…)

Twitter RSS