[aklug] Re: Information Systems Audit

From: Arthur Corliss <acorliss@nevaeh-linux.org>
Date: Wed Feb 06 2013 - 15:00:16 AKST

On Wed, 6 Feb 2013, Doug Davey wrote:

> The point of the audit software is to give a finite list of flaws. If
> you don't punch holes in your own security, and can detect when others do,
> you can catch the tortoise.
>
> I think that the only way to build a secure site of a large size is to use
> test based programming. That way any change to the program is verified
> against all previous development automatically.

Regression testing, definitely, but more importantly, regression testing
against bad data & input. That latter criterion is what's usually missing
from most test suites. They test that they get what they want from known
input, without testing whether they're immune to bad or fuzzed input.

         --Arthur Corliss
           Live Free or Die
Received on Wed Feb 6 15:00:25 2013
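
The contrast drawn in the message above, between testing known input and testing bad or fuzzed input, as an added example that is not part of the original thread. The port-range parsers, the sample corpora and every name below are hypothetical and constructed for illustration: both parsers pass the known-good cases, and only the bad-input regression run tells them apart.

```python
import random

KNOWN_GOOD = {"80-443": (80, 443), "1-65535": (1, 65535), "22-22": (22, 22)}
KNOWN_BAD = ["", "80", "80-", "-", "80-443-1", "0-99999", "443-80", "\x00-1"]
ALPHABET = "0123456789- \x00\n_+\u0663"  # constructed mutation alphabet

def parse_naive(text):
    # Passes every known-good case, but trusts its input.
    lo, hi = text.split("-")
    return int(lo), int(hi)

def parse_strict(text):
    # Anything outside the LOW-HIGH contract is rejected with ValueError.
    parts = text.split("-") if isinstance(text, str) and len(text) <= 11 else []
    if len(parts) != 2 or not all(p.isascii() and p.isdigit() for p in parts):
        raise ValueError("expected LOW-HIGH in ASCII digits")
    lo, hi = int(parts[0]), int(parts[1])
    if not 1 <= lo <= hi <= 65535:
        raise ValueError("port out of range")
    return lo, hi

def mutate(rng, seed):
    # Apply one to three random insert/delete/replace edits to a good input.
    chars = list(seed)
    for _ in range(rng.randint(1, 3)):
        op = rng.choice(("insert", "delete", "replace"))
        pos = rng.randrange(len(chars) + 1)
        if op == "insert" or not chars:
            chars.insert(pos, rng.choice(ALPHABET))
        elif op == "delete":
            del chars[min(pos, len(chars) - 1)]
        else:
            chars[min(pos, len(chars) - 1)] = rng.choice(ALPHABET)
    return "".join(chars)

def check(parser, text):
    # Bad input must end in ValueError or in a value that is still in range.
    try:
        lo, hi = parser(text)
    except ValueError:
        return None
    except Exception as exc:
        return f"{text!r}: uncontrolled {type(exc).__name__}"
    return None if 1 <= lo <= hi <= 65535 else f"{text!r}: accepted {(lo, hi)!r}"

def regression_run(parser, rounds=2000, rng_seed=1234):
    # Fixed seed keeps the fuzz corpus identical on every run of the suite.
    rng = random.Random(rng_seed)
    seeds = sorted(KNOWN_GOOD)
    cases = KNOWN_BAD + [mutate(rng, rng.choice(seeds)) for _ in range(rounds)]
    return [msg for msg in (check(parser, c) for c in cases) if msg]
```

An empty list from `regression_run` means every hostile case was either rejected cleanly or produced an in-range value; any entry is a regression to fix and then keep in `KNOWN_BAD`.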
