Integrating Security Testing into Quality Control

Not recorded
Abstract

At a time when 82% of all application vulnerabilities are found in web applications [1], CIOs are looking for traditional and non-traditional approaches to reduce the number of vulnerabilities present in their application assets. Traditional approaches can range from training developers in secure coding practices to hiring professional security testers. This paper focuses on a non-traditional approach that leverages existing quality assurance (QA) or quality control (QC) groups to perform high-level functional security testing. The goal of this approach is not necessarily to turn QA/QC groups into ethical hackers, but to add another layer of security testing that is not traditionally employed. Adding this layer can increase the number of vulnerabilities detected and removed in web applications prior to release. This non-traditional approach is best suited for organizations that lack a dedicated software security group (SSG) or security specialists.

Similar resources

Integrating Portfolio-Assessment into the Writing Process: Does it Affect a Significant Change in Iranian EFL Undergraduates’ Writing Achievement? A Mixed-Methods Study

The paradigm shift from testing the outcome to assessing the learning of process shines a light on the alternative assessment approaches, among which portfolio-assessment has sparked researchers’ interest in writing instruction. This study aimed at investigating the effect of portfolio-assessment on Iranian EFL students’ writing achievement through the process-centered approach to writi...

Automated Security Testing for Applications Integrating Third-Party Services

Modern applications have become increasingly complex in both function and construction. Commerce websites use inferred user preferences to show relevant merchandise, banking websites implement complex transaction protocols, social networks need to safeguard sensitive user information, and mobile applications incorporate authentication, sharing, and payment mechanisms. Third-party services have ...

An automatic test case generator for evaluating implementation of access control policies

One of the main requirements for providing software security is the enforcement of access control policies which aim to protect resources of the system against unauthorized accesses. Any error in the implementation of such policies may lead to undesirable outcomes. For testing the implementation of access control policies, it is preferred to use automated methods which are faster and more relia...

Integrating Fuzzy Inference System, Image Processing and Quality Control to Detect Defects and Classify Quality Level of Copper Rods

Human-based quality control reduces the accuracy of this process. Also, the speed of decision making in some industries is very important. For removing these limitations in human-based quality control, in this paper, the design of an expert system for automatic and intelligent quality control is investigated. In fact, using an intelligent system, the accuracy in quality control is increased. It...

Publication date: 2011