Penetration testing

Through penetration testing, organizations simulate attacks against software systems to assess weaknesses. Organizations can take numerous approaches to pen testing, including experimental methods like chaos engineering, to pinpoint vulnerabilities and boost confidence in the strength of systems. Learn how to do it and pros and cons in this section.

Top Stories

Feature 27 Apr 2021
Applying web application reconnaissance to offensive hacking

Learn how to apply web application reconnaissance fundamentals to improve both offensive and defensive hacking skills in an excerpt of 'Web Application Security' by Andrew Hoffman. Continue Reading
Feature 27 Apr 2021
Collaboration is key to a secure web application architecture

Author Andrew Hoffman explains the importance of a secure web application architecture and how to achieve it through collaboration between software and security engineers. Continue Reading

Tip 26 Feb 2021

5 steps to conduct network penetration testing

Enterprises that want to ensure competent network security strategies should look at how they can implement penetration testing, considering red teams and physical pen tests. Continue Reading
Feature 25 Feb 2021

Advice on how to learn network penetration testing skills

As beginners learn network penetration testing skills, they should remember these expert tips: Pay attention to what the client wants, and stick to offense, not defense. Continue Reading
News 31 Aug 2020

Developers must consider low-code app security

Security is baked into most low-code development platforms, but developers still need to pay attention to security issues and test for vulnerabilities. Continue Reading
Tip 06 May 2020

Complete guide to penetration testing best practices

Pen testing uncovers security vulnerabilities before hackers do. Use this guide to learn about the tooling options, test types, use cases and common flaws in software penetration testing. Continue Reading
Tip 24 Mar 2020

How to set up a chaos engineering game day

Is it fun to spend the day breaking stuff in a war room with your coworkers? Of course, but more than that, it's vital to the security and stability of certain applications. Continue Reading
Podcast 31 Jan 2020

How Python makes automating security tasks a snap

Security professionals with coding skills can get a lot done in not a lot of time. Hear why Python suits beginners and how it puts security and developers on the same team. Continue Reading
Answer 26 Sep 2019

Penetration testing vs. red team: What's the difference?

Is penetration testing the same as red team engagement? There are similarities, but they're not the same. Understand the differences to improve your organization's cyberdefenses. Continue Reading
Tip 29 Mar 2019

Apply automated security scanning during app development

For developers, security is not often a high priority -- but it should be. Automated security scanning tools can help detect and address weaknesses before evildoers discover them. Continue Reading
News 21 Feb 2019

GitHub security bug bounty program stretches to enterprise cloud

GitHub's bug bounty program for 2019 increases the reward money for researchers who find security vulnerabilities in the company's code. Continue Reading
Tip 28 Aug 2018

Red team assessments and post-assessment posture improvement

Testing an organization's security maturity is crucial for an organization to improve their post-assessment posture. Learn how red teaming can help this situation with Matt Pascucci. Continue Reading
News 19 Feb 2013

Top ten mobile application threats to enterprise security

Check out the top ten threats presented by enterprise mobile applications, according to the OWASP Mobile Security Project. Continue Reading
News 08 Jul 2010

SQL injection flaw is a welcome mat for black hats on file-sharing site

Recently, a group of hackers was able to gain access to user's personal files on a file-sharing site via SQL injection flaws. The group was able to view and edit personal information further proving that SQL injection is a major problem. Continue Reading
Tip 17 Mar 2009

Defining requirements during software project feasibility analysis

There are at least two key points in a software project when requirements should be defined. One point people often miss is during feasibility analysis, and failure to define requirements at this stage can doom a project. Continue Reading
Answer 21 Jan 2009

Template for requirements use cases

A user is looking for a template for writing requirements use cases. Robin Goldsmith walks through a few interpretations of this question. Continue Reading
Tip 22 Dec 2008

Using proactive test design methods to catch requirements issues early

Proactive test design allows QA testers to identify requirements and design problems at an earlier stage than with traditional test cases. Continue Reading
Answer 06 Oct 2008

Use cases and SRS for requirements gathering

Before comparing use cases and software requirements specifications, you should know what each is. Requirements expert Robin Goldsmith explains how use cases and SRS work and how to use them for requirements engineering. Continue Reading
Answer 26 Aug 2008

Use cases: Who writes them, what data do you include?

Typically a business analyst writes the use cases for a software project. But who writes them doesn't matter as much as what is included in them, says expert Robin Goldsmith. Continue Reading
Answer 25 Mar 2008

Testability requirements and verification work

Testability and verifiability are a category of nonfunctional requirements. Expert Roxanne Miller explains how these concepts fit into software requirements engineering. Continue Reading
Tip 21 Jan 2008

Testers' involvement in requirements gathering important

In this increasingly complex software development era, it is important to include testing as early in the project as possible. And that means starting with requirements gathering. Continue Reading
Answer 21 Jan 2008

Requirements gathering for payroll application

Engineering requirements for a payroll or similar application demands careful consideration. Expert Rob Apmann explains how to approach this complicated task. Continue Reading
News 24 Sep 2007

The pros and cons of use case diagrams

Putting too much into a use case diagram can often render the otherwise useful technique of use cases almost useless. Kevlin Henney recommends a more balanced and restrained approach in order to not lose readers in a myriad of bubbles and microscopic text. Continue Reading
Answer 19 Sep 2007

How to structure a software requirements document

Effective requirements documentation is essential for any good software project. Expert Karl E. Wiegers explains how to structure your software requirements documents. Continue Reading
Answer 06 Aug 2007

Software requirements specification and IEEE standards

What does the IEEE outline for requirements specifications, and how strictly should you abide by that standard? Expert Karl E. Wiegers digs into the details of an SRS. Continue Reading