So pick one that’s useful in identifying application vulnerabilities and can be reasonably attained in a period of two to eight hours. That helps keep you on track and prevents you from getting discouraged. Examples of goals at the beginning of an assessment include identifying all the entry points in the code and making lists of known potentially vulnerable functions in use (such as unchecked string manipulation functions). Later goals might include tracing a complex and potentially vulnerable pathway or validating the design of a higher-level component against the implementation.
- Chapter 4. Application Review Process
- from The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities
- Publisher: Addison-Wesley Professional
- Released: November 2006
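One of the early review goals the highlight names is building an inventory of known potentially vulnerable functions in use, such as unchecked string manipulation functions. The script below is an added example (not from the book or its authors) of how a reviewer can produce that list for a C code base in a couple of hours: it scans source text for calls to a small watchlist, skips matches that sit inside comments or string literals, keeps line numbers intact, and counts findings per function so the deeper tracing goals can be prioritised. The watchlist, the sample source file and the `greet.c` filename are all constructed for the example.

```python
import re
from collections import Counter

# Watchlist of C string/format functions that perform no bounds checking.
# This is a constructed starting list for a review; extend it per code base.
UNCHECKED_FUNCTIONS = {
    "strcpy": "no length bound on the copy",
    "strcat": "no length bound on the append",
    "sprintf": "no length bound on the output buffer",
    "vsprintf": "no length bound on the output buffer",
    "gets": "reads an unbounded line into the buffer",
    "scanf": "%s conversion has no width limit unless one is given",
}

# One regex that consumes string literals, line comments and block comments
# in a single pass, so a '//' inside a string or a quote inside a comment
# cannot confuse the other rule.
_NOISE_RE = re.compile(r'"(?:[^"\\\n]|\\.)*"|//[^\n]*|/\*.*?\*/', re.DOTALL)

# A watchlisted identifier followed by '(' counts as a call. The leading \b
# stops 'my_strcpy(' from matching; 'strncpy(' never matches because it is
# a different identifier.
_CALL_RE = re.compile(
    r"\b(" + "|".join(map(re.escape, UNCHECKED_FUNCTIONS)) + r")\s*\("
)


def blank_noise(source):
    """Replace comments and string literals with spaces, preserving newlines
    so that reported line numbers still point at the original file."""
    return _NOISE_RE.sub(lambda m: re.sub(r"[^\n]", " ", m.group(0)), source)


def find_unchecked_calls(source, filename="<input>"):
    """Return (filename, line, function, reason) tuples, one per call site."""
    findings = []
    for lineno, line in enumerate(blank_noise(source).splitlines(), start=1):
        for m in _CALL_RE.finditer(line):
            name = m.group(1)
            findings.append((filename, lineno, name, UNCHECKED_FUNCTIONS[name]))
    return findings


def summarize(findings):
    """Count findings per function so the review list can be prioritised."""
    return Counter(name for _, _, name, _ in findings)


# Constructed sample source: the comment and the string literal contain
# watchlisted names that must NOT be reported; three real calls must be.
SAMPLE_SOURCE = """\
#include <stdio.h>
#include <string.h>

/* strcpy(banner, argv[1]) in this comment must not be reported */
void greet(const char *name) {
    char buf[32];
    strcpy(buf, name);                   // unbounded copy: reported
    strncpy(buf, name, sizeof buf - 1);  // bounded: not on the watchlist
    sprintf(buf, "hi %s", name);         // unbounded format: reported
    puts("gets() appears only in this string literal");
}
int main(int argc, char **argv) {
    char line[64];
    gets(line);                          // unbounded read: reported
    if (argc > 1) greet(argv[1]);
    return 0;
}
"""

if __name__ == "__main__":
    found = find_unchecked_calls(SAMPLE_SOURCE, "greet.c")
    for fname, lineno, func, reason in found:
        print(f"{fname}:{lineno}: {func}() - {reason}")
    print("summary:", dict(summarize(found)))
```

Running the script on the embedded sample reports `strcpy` on line 7, `sprintf` on line 9 and `gets` on line 14, and nothing for the comment, the string literal or the bounded `strncpy` call; pointing `find_unchecked_calls` at real files is a matter of reading each one and passing its text and path.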