Pentests; Unit Tests for Security?

In software and systems development… scratch that. Whenever you make any complex device or system it’s best practice to test the parts, and then test the completed system. Testing the parts is often referred to as Unit Testing; the system, well, System testing.

For many reasons, clients ask for penetration testing of some small unit or group. Typically they also have a set of rules of engagement (ROE) that further limit the testing. At this point this is getting awfully close to QA acceptance testing (here’s your test plan, stick to it).

So my question is, if vulnerability assessments are routine validation, and penetration tests are essentially Unit Tests of particular sections of the environment, where’s the System Test? Wait, scratch that too. The system test is the one you get for free; at least until the incident response team shows up.
