appsec

Challenges in Scoring Application Security Test Findings

A simplified description of application security testing (or penetration testing) is that it is a task which involves identifying application vulnerabilities and reporting how they were identified, so that they can be replicated and ultimately remediated. I would like to complicate (refine) this definition to discuss two very important missing components. The distinction between vulnerabilities and weaknesses is …


Preparing a Mobile Application for Security Testing

Security testing comes in many forms. For our purposes, we will consider manually driven, black-box testing that aims to identify the maximal set of vulnerabilities within an application. Terminology can be contentious, but this is widely referred to as an application penetration test, which includes an attempt to exploit the identified vulnerabilities, demonstrating …


Getting Started in Web Application Penetration Testing

As the complexity and diversity of our connected systems expand, the need for specialized offensive security skills is increasing. In particular, specialization in application security has been forecast to drive growth in penetration testing services. Combined with the allure of breaking into systems as a career, it’s no surprise there are many …
