Software Security Engineering - Build Security In - US-CERT
Coding and Testing Practices 4

Practices in Recommended Order: Test cases using a range of security test strategies
Description: Use a complement of testing strategies including white-box testing (based on deep knowledge of the source code), black-box testing (focusing on the software’s externally visible behavior), and penetration testing (identifying and targeting specific vulnerabilities at the system level)
Maturity: L4
Audience: M, L
Relevant for These Roles:
• Project manager
• Security analyst
• Test engineer
Thursday, November 06, 2008
Software Security Engineering
Nancy R. Mead, October 16, 2008
© 2008 Carnegie Mellon University