Source |
Network World |
Identifiant |
351896 |
Date de publication |
2017-04-04 04:53:00 (vue: 2017-04-04 04:53:00) |
Titre |
What makes a good application pen test? Metrics |
Texte |
When it comes to creating secure applications, nothing beats focusing on the basics: secure coding in development and then testing the application for security defects. Part of the testing regime should always include an in-depth application pen test. But how do organizations know they are getting the full benefit from such assessments?What goes (or should go) into developing application security is well known. Developers should have their code vetted in their development environment. Their code should go through a series of quality and security tests in the development pipeline. Applications should be vetted again right after deployment. And, after all of that, it's very likely that more vulnerabilities exist in the application that have yet to be uncovered.To read this article in full or to leave a comment, please click here |
Envoyé |
Oui |
Condensat |
after again all always application applications are article assessments basics: beats benefit but click code coding comes comment creating defects deployment depth developers developing development environment exist focusing from full getting goes good have here how include know known leave likely makes metrics more nothing organizations part pen pipeline please quality read regime right secure security series should such test testing tests then through uncovered very vetted vulnerabilities well what when yet |
Tags |
|
Stories |
|
Notes |
|
Move |
|