Continuous Penetration testing

 
Ranch Hand
Posts: 141
What do you suggest in terms of continuous integration vis-à-vis penetration testing? In your experience, have you seen pen testing done on a nightly/weekly basis from a CI server (Bamboo, Jenkins), etc.?
 
Author
Posts: 17
I'd say that continuous integration testing is quite a different thing from penetration testing. I have seen where security testing has been built into testing on a regular basis, and I think it's valuable when done as part of the development and build process rather than after the fact. Trying to do testing after the fact isn't as helpful, and the more security is built into the development process, the better off everyone is. Earlier reporting of issues allows for more rapid fixing. Ideally, before shipping rather than in a patch afterwards.

Ric
 
Paras Jain
Ranch Hand
Posts: 141
Great. Thanks for the reply. So you are recommending including pen testing as part of the process. Like after every sprint, run a pen test to see if there are any issues?
 
Ric Messier
Author
Posts: 17
I don't think I'd refer to that as penetration testing, but after every sprint I would strongly recommend adding a variety of security testing to whatever other testing you are doing. Anomaly testing is really good. Boundary testing in a serious way, rather than just testing the programmer's assumptions. Input validation. Lots and lots of input validation, including using anomaly testing.

Ric
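An added example of what "boundary and anomaly testing of input validation on every build" can look like in practice; this is not code from the thread or its posters. A CI server (Jenkins, Bamboo) runs the file as a build step and fails the build on a non-zero exit. The username rule, both validators and every case value are constructed for illustration; the naive validator stands in for "testing only the programmer's assumptions".

```python
import re
import unicodedata

# Constructed spec: 3..32 chars, a lowercase letter first, then [a-z0-9_].
USERNAME_RE = re.compile(r"[a-z][a-z0-9_]{2,31}")

def naive_validate_username(raw):
    """Checks only the happy-path assumptions: a length range and 'looks alphanumeric'."""
    return 3 <= len(raw) <= 32 and raw.isalnum()

def validate_username(raw):
    """Hardened: type check, Unicode normalization check, fully anchored match."""
    if not isinstance(raw, str):
        return False
    if unicodedata.normalize("NFKC", raw) != raw:  # rejects fullwidth/compat forms
        return False
    return USERNAME_RE.fullmatch(raw) is not None  # fullmatch rejects a trailing newline

def test_cases():
    """(name, value, should_accept); anomalies sit just outside each boundary."""
    return [
        ("min_length", "abc", True),
        ("max_length", "a" + "b" * 31, True),
        ("empty", "", False),
        ("min_minus_one", "ab", False),
        ("max_plus_one", "a" + "b" * 32, False),
        ("huge", "a" * 1_000_000, False),
        ("null_byte", "alice\x00", False),
        ("trailing_newline", "alice\n", False),   # a '$'-anchored match() would pass this
        ("fullwidth_a", "\uff41lice", False),      # NFKC-normalizes to 'alice'
        ("leading_digit", "1alice", False),
        ("not_a_string", None, False),
    ]

def run_anomaly_suite(validator):
    """Return the names of failing cases; a crash counts as a failure, not a pass."""
    failed = []
    for name, value, should_accept in test_cases():
        try:
            verdict = bool(validator(value))
        except Exception as exc:  # deliberately broad: any exception is a robustness bug
            failed.append(f"{name}: crashed with {type(exc).__name__}")
            continue
        if verdict != should_accept:
            failed.append(f"{name}: {'accepted' if verdict else 'rejected'} unexpectedly")
    return failed

if __name__ == "__main__":  # CI step: a non-zero exit status fails the build
    problems = run_anomaly_suite(validate_username)
    raise SystemExit("\n".join(problems) if problems else 0)
```

Running the suite against `naive_validate_username` instead shows the kind of findings the extra cases surface: a crash on a non-string, and acceptance of a fullwidth letter and a leading digit.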

 