Continuous Penetration testing

 
Ranch Hand
Posts: 141
What do you suggest in terms of continuous integration vis-à-vis penetration testing? In your experience, have you seen pen testing done on a nightly/weekly basis from a CI server (Bamboo, Jenkins, etc.)?
 
Author
Posts: 17
I'd say that continuous integration testing is quite a different thing from penetration testing. I have seen cases where security testing has been built into testing on a regular basis, and I think it's valuable when done as part of the development and build process rather than after the fact. Trying to do testing after the fact isn't as helpful, and the more security is built into the development process, the better off everyone is. Earlier reporting of issues allows for more rapid fixing. Ideally, before shipping rather than in a patch afterwards.

Ric
 
Paras Jain
Ranch Hand
Posts: 141
Great. Thanks for the reply. So you are recommending including pen testing as part of the process. Like after every sprint, run a pen test to see if there are any issues?
 
Ric Messier
Author
Posts: 17
I don't think I'd refer to that as penetration testing, but after every sprint I would strongly recommend adding a variety of security testing to whatever other testing you are doing. Anomaly testing is really good. Boundary testing in a serious way, rather than just testing the programmer's assumptions. Input validation. Lots and lots of input validation, including using anomaly testing.

Ric
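An added example (not from the thread) of the boundary and anomaly testing Ric describes, written as a check a CI job could run after each sprint. It contrasts a validator built on the programmer's assumptions with one that survives the anomaly suite; `validate_username`, `naive_validate` and the case list are hypothetical and constructed for this illustration.

```python
import re
import unicodedata

MAX_LEN = 32
# fullmatch() is used instead of ^...$ so a trailing newline cannot slip past
_ALLOWED = re.compile(r"[a-z][a-z0-9_]{2,%d}" % (MAX_LEN - 1))

def validate_username(value):
    """Return the normalised username or None; never raises on hostile input."""
    if not isinstance(value, str):
        return None
    normalised = unicodedata.normalize("NFKC", value)  # fold look-alikes first
    if len(normalised) > MAX_LEN or not _ALLOWED.fullmatch(normalised):
        return None
    return normalised

def naive_validate(value):
    """The programmer's assumption: usernames are short and non-empty."""
    return value if 0 < len(value) <= MAX_LEN else None

def anomaly_cases():
    """Constructed boundary and anomaly inputs: (input, should_be_accepted)."""
    return [
        ("abc", True),                 # minimum length
        ("a" * MAX_LEN, True),         # exact maximum
        ("a" * (MAX_LEN + 1), False),  # one past the boundary
        ("ab", False),                 # one short
        ("", False),                   # empty
        (None, False),                 # wrong type
        ("a\x00bc", False),            # embedded NUL
        ("abc\n", False),              # trailing newline
        ("ＡＢＣ", False),             # fullwidth: NFKC -> "ABC", uppercase rejected
        ("ａｂｃ", True),              # fullwidth: NFKC -> "abc"
        ("admin' OR 1=1--", False),    # metacharacters
        ("a" * 10_000, False),         # oversize
    ]

def run_anomaly_suite(validator=validate_username):
    """Run every case; return failure descriptions (empty list means pass)."""
    failures = []
    for raw, expected in anomaly_cases():
        try:
            accepted = validator(raw) is not None
        except Exception as exc:  # crashing on bad input is itself a finding
            failures.append(f"{raw!r}: raised {type(exc).__name__}")
            continue
        if accepted != expected:
            failures.append(f"{raw!r}: accepted={accepted}, expected={expected}")
    return failures
```

`run_anomaly_suite(naive_validate)` returns the list of cases the assumption-based validator gets wrong, while `run_anomaly_suite()` returns an empty list; a CI step can fail the build whenever the list is non-empty.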

 