CRV2 CantHackSecure

From OWASP
Jump to: navigation, search

We cant hack ourselves secure. Penetration testing is generally a point in time test. As source code changes the value of the findings of a penetration test degrade with time. There are also privacy, compliance and stability and availability concerns which are generally not covered by penetration testing. Data information leakage in a cloud environment for example may not be discovered via a penetration test.