The Role of Security Personnel:
The summarized list is as follows:
- He should act as a resource to the development staff instead of an obstacle.
- He should be consulted early in the project (during the design and architecture phases).
- He should make sure security is fairly represented during each phase of the life cycle.
- He should not hold “security reviews” only at the end of the project to determine whether an application is secure.
- He should not rely too much on:
  - Black Box Testing (Testing without using architecture and code)
  - Red Teaming (Simulate what hackers do)
QUESTION: What is the problem with red teaming?
ANSWER: A real attacker may be more motivated than a group of people paid to look for problems.