How to know the security or penetration test coverage

Does anyone know how to understand the security or penetration test coverage?

I found that the traditional method of measuring functional test coverage is not very useful for security testing, because for security testing you don't actually need to cover every logic branch. If you cover all the URLs and parameters, you basically cover everything.

Any idea?

Thanks.

Answers


One possible metric for coverage of a web application security assessment is the range of issues tested for. At a bare minimum, the OWASP Top 10 issues should be tested for, but a high-quality assessment will properly assess business logic and application-specific issues. Also, the tester should have an understanding of any specific technologies used by the web application (e.g. Adobe Flash, Google Gears).

Penetration testing is a specialist activity, so get a trustworthy and respected company to perform the testing. In the UK, the CHECK scheme is highly respected; a list of certified companies can be found here: http://www.crest-approved.org/member_companies.php

Full disclosure: I work for Verizon Business, who offer penetration testing services.
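
The two views in this thread (inputs covered, and range of issues tested for) can be combined into one coverage matrix. The following is an added example, not code from the question or the answer; the inventory, the issue-class labels (illustrative, not an official OWASP list) and the test log are constructed sample data, and `coverage` is a hypothetical helper name.

```python
from collections import defaultdict

# Constructed inventory of inputs: (path, parameter) pairs in scope.
INVENTORY = {
    ("/login", "username"), ("/login", "password"),
    ("/search", "q"), ("/account", "id"),
}
# Illustrative issue classes agreed for the assessment (assumption).
ISSUE_CLASSES = {"injection", "xss", "access-control"}

# Constructed test log: one row per (path, parameter, issue class) tested.
TEST_LOG = [
    ("/login", "username", "injection"),
    ("/login", "username", "xss"),
    ("/login", "password", "injection"),
    ("/search", "q", "injection"),
    ("/search", "q", "xss"),
    ("/search", "q", "access-control"),
    ("/export", "fmt", "injection"),  # input missing from the inventory
    ("/search", "q", "dos"),          # issue class outside the agreed scope
]

def coverage(inventory, issue_classes, test_log):
    """Return input coverage, input x issue coverage, gaps and stray log rows."""
    if not inventory or not issue_classes:
        raise ValueError("inventory and issue_classes must be non-empty")
    tested = defaultdict(set)   # (path, param) -> issue classes exercised
    unknown = []                # rows that do not map onto the agreed scope
    for path, param, issue in test_log:
        if (path, param) not in inventory or issue not in issue_classes:
            unknown.append((path, param, issue))
            continue
        tested[(path, param)].add(issue)
    done = sum(len(issues) for issues in tested.values())
    gaps = sorted(
        (path, param, issue)
        for (path, param) in inventory
        for issue in issue_classes
        if issue not in tested.get((path, param), ())
    )
    return {
        "surface": len(tested) / len(inventory),              # inputs touched at all
        "matrix": done / (len(inventory) * len(issue_classes)),  # input x issue cells
        "gaps": gaps,
        "unknown": unknown,
    }

if __name__ == "__main__":
    report = coverage(INVENTORY, ISSUE_CLASSES, TEST_LOG)
    print(f"surface {report['surface']:.0%}, matrix {report['matrix']:.0%}")
    for gap in report["gaps"]:
        print("untested:", gap)
```

Rows reported under `unknown` usually mean the inventory is stale or the scope changed mid-test. Business logic and application-specific issues, which the answer calls out, do not fit a per-parameter matrix and need to be tracked separately.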

