security assessment

Challenges in Scoring Application Security Test Findings

Put simply, application security testing (or penetration testing) is the task of identifying application vulnerabilities and reporting how they were identified so that they can be replicated and ultimately remediated. I would like to complicate (refine) this definition to discuss two very important missing components: The distinction between vulnerabilities and weaknesses is […]


Preparing a Mobile Application for Security Testing

Security testing comes in many forms. For our purposes, we will consider manually driven, black-box testing that aims to identify the maximal set of vulnerabilities that can be identified within an application. Terminology can be contentious, but this is widely referred to as an application penetration test, which includes an attempt to exploit identified vulnerabilities, demonstrating
