Ken, I enjoyed reading this article of yours. My book "The Art of Software Security Testing" is based on the concept of using penetration techniques as part of the development lifecycle and is specifically targeted at QA professionals. One of my co-authors, Elfriede Dustin, has written 5 QA books and assured that the book was accessible to that audience.
There are some free chapters of the book available:

Chapter 3: The Secure Software Development Lifecycle
http://www.devsource.com/article2/0,1895,2055988,00.asp

Chapter 4: Risk-Based Security Testing: Prioritizing Security Testing with Threat Modeling
http://www.prnewswire.com/mnr/veracode/26386/docs/Wysopal_Rev-Chapter%2004.pdf

Chapter 5: Shades of Analysis: White, Gray, and Black Box Testing
http://computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=9006870&taxonomyId=17&intsrc=kc_feat

Cheers,
Chris

On Mon, 22 Jan 2007, Kenneth Van Wyk wrote:
> Greetings SC-L folk,
>
> FYI, there's been a wave of new content added to the DHS-funded software security portal, Build Security In (home URL is http://BuildSecurityIn.us-cert.gov). Most recently, a couple of articles about penetration testing and tools were added (see https://buildsecurityin.us-cert.gov/daisy/bsi/articles/best-practices/penetration/655.html?branch=1&language=1).
>
> (Full disclosure: I'm the author of the pen testing articles, but don't let that stop you from grabbing them. ;-)
>
> All of the articles on the BSI portal are free.
>
> Cheers,
>
> Ken
> -----
> Kenneth R. van Wyk
> SC-L Moderator
> KRvW Associates, LLC
> http://www.KRvW.com

_______________________________________________
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community.
_______________________________________________