Penetration testing
Through penetration testing, organizations simulate attacks against software systems to assess weaknesses. Organizations can take numerous approaches to pen testing, including experimental methods like chaos engineering, to pinpoint vulnerabilities and boost confidence in the strength of systems. Learn how to do it, along with its pros and cons, in this section.
Top Stories
-
Feature
27 Apr 2021
Applying web application reconnaissance to offensive hacking
Learn how to apply web application reconnaissance fundamentals to improve both offensive and defensive hacking skills in an excerpt of 'Web Application Security' by Andrew Hoffman.
-
Feature
27 Apr 2021
Collaboration is key to a secure web application architecture
Author Andrew Hoffman explains the importance of a secure web application architecture and how to achieve it through collaboration between software and security engineers.
-
Tip
26 Feb 2021
5 steps to conduct network penetration testing
Enterprises that want to ensure competent network security strategies should look at how they can implement penetration testing, considering red teams and physical pen tests.
-
Feature
25 Feb 2021
Advice on how to learn network penetration testing skills
As beginners learn network penetration testing skills, they should remember these expert tips: Pay attention to what the client wants, and stick to offense, not defense.
-
News
31 Aug 2020
Developers must consider low-code app security
Security is baked into most low-code development platforms, but developers still need to pay attention to security issues and test for vulnerabilities.
-
Tip
06 May 2020
Complete guide to penetration testing best practices
Pen testing uncovers security vulnerabilities before hackers do. Use this guide to learn about the tooling options, test types, use cases and common flaws in software penetration testing.
-
Tip
24 Mar 2020
How to set up a chaos engineering game day
Is it fun to spend the day breaking stuff in a war room with your coworkers? Of course, but more than that, it's vital to the security and stability of certain applications.
-
Podcast
31 Jan 2020
How Python makes automating security tasks a snap
Security professionals with coding skills can get a lot done in not a lot of time. Hear why Python suits beginners and how it puts security and developers on the same team.
-
Answer
26 Sep 2019
Penetration testing vs. red team: What's the difference?
Is penetration testing the same as red team engagement? There are similarities, but they're not the same. Understand the differences to improve your organization's cyberdefenses.
-
Tip
29 Mar 2019
Apply automated security scanning during app development
For developers, security is not often a high priority -- but it should be. Automated security scanning tools can help detect and address weaknesses before evildoers discover them.
-
News
21 Feb 2019
GitHub security bug bounty program stretches to enterprise cloud
GitHub's bug bounty program for 2019 increases the reward money for researchers who find security vulnerabilities in the company's code.
-
Tip
28 Aug 2018
Red team assessments and post-assessment posture improvement
Testing an organization's security maturity is crucial to improving its post-assessment posture. Learn how red teaming can help with Matt Pascucci.
-
News
19 Feb 2013
Top ten mobile application threats to enterprise security
Check out the top ten threats presented by enterprise mobile applications, according to the OWASP Mobile Security Project.
-
News
08 Jul 2010
SQL injection flaw is a welcome mat for black hats on file-sharing site
Recently, a group of hackers was able to gain access to users' personal files on a file-sharing site via SQL injection flaws. The group was able to view and edit personal information, further proving that SQL injection is a major problem.
-
Tip
17 Mar 2009
Defining requirements during software project feasibility analysis
There are at least two key points in a software project when requirements should be defined. One point people often miss is during feasibility analysis, and failure to define requirements at this stage can doom a project.
-
Answer
21 Jan 2009
Template for requirements use cases
A user is looking for a template for writing requirements use cases. Robin Goldsmith walks through a few interpretations of this question.
-
Tip
22 Dec 2008
Using proactive test design methods to catch requirements issues early
Proactive test design allows QA testers to identify requirements and design problems at an earlier stage than with traditional test cases.
-
Answer
06 Oct 2008
Use cases and SRS for requirements gathering
Before comparing use cases and software requirements specifications, you should know what each is. Requirements expert Robin Goldsmith explains how use cases and SRS work and how to use them for requirements engineering.
-
Answer
26 Aug 2008
Use cases: Who writes them, what data do you include?
Typically a business analyst writes the use cases for a software project. But who writes them doesn't matter as much as what is included in them, says expert Robin Goldsmith.
-
Answer
25 Mar 2008
Testability requirements and verification work
Testability and verifiability are a category of nonfunctional requirements. Expert Roxanne Miller explains how these concepts fit into software requirements engineering.
-
Tip
21 Jan 2008
Testers' involvement in requirements gathering important
In this increasingly complex software development era, it is important to include testing as early in the project as possible. And that means starting with requirements gathering.
-
Answer
21 Jan 2008
Requirements gathering for payroll application
Engineering requirements for a payroll or similar application demands careful consideration. Expert Rob Apmann explains how to approach this complicated task.
-
News
24 Sep 2007
The pros and cons of use case diagrams
Putting too much into a use case diagram can often render the otherwise useful technique of use cases almost useless. Kevlin Henney recommends a more balanced and restrained approach in order to not lose readers in a myriad of bubbles and microscopic text.
-
Answer
19 Sep 2007
How to structure a software requirements document
Effective requirements documentation is essential for any good software project. Expert Karl E. Wiegers explains how to structure your software requirements documents.
-
Answer
06 Aug 2007
Software requirements specification and IEEE standards
What does the IEEE outline for requirements specifications, and how strictly should you abide by that standard? Expert Karl E. Wiegers digs into the details of an SRS.