Difference between revisions of "CRV2 360Review"

From OWASP
Jump to: navigation, search
(Created page with " == 360 Reviews - outsidein & inside out == The term 360 degree reivews some from coupling source code review and dynamic testing.<br> Dynamic testing is in effect runtime pen...")
 
Line 1: Line 1:
  
== 360 Reviews - outsidein & inside out ==
+
== 360 Reviews - outside-in & inside-out ==
 
The term 360 degree reivews some from coupling source code review and dynamic testing.<br>
 
The term 360 degree reivews some from coupling source code review and dynamic testing.<br>
 
Dynamic testing is in effect runtime penetration testing. It can also be ferered to as hybrid testing.<br>
 
Dynamic testing is in effect runtime penetration testing. It can also be ferered to as hybrid testing.<br>

Revision as of 08:42, 12 December 2013

360 Reviews - outside-in & inside-out

The term 360 degree reivews some from coupling source code review and dynamic testing.
Dynamic testing is in effect runtime penetration testing. It can also be ferered to as hybrid testing.

As mentioned in previous sections source code review can assess an application of issues which may otherwise be difficult to assess.
Issues such as information leakage, logging of sensitive data, privacy and other items in relation to general good-health of an application may have significant impact in terms of regulatory compliance.
Assessing the cryptographic controls is suited well for sourec code review but testing authentication functionality is easier to deliver via dynamic testing.
When perfroming a penetration test it is very valueable if one can map a discovered vulnerability or parameter to a class file or script in the application source code.
such mapping assists the developer in both understanding and addressing the issue.