[OWASP-Bangalore] Application Pen Test Process query

N. V. R. K. RAJU nvrkraju4 at gmail.com
Tue May 13 23:18:04 UTC 2014

Hi All,

I have been struggling to give a business justification to my application
owners about application pen test timelines.

We usually quote 2 weeks of application pen test time for any major
releases and new applications.
Our application owners have a constraint with 2 weeks of pen testing time for
getting their applications live.

They understand security risk and get the application tested by squeezing
the timelines to a week or so. And they are also aware of the risks imposed by
squeezing the pen test timeline. However, they have a valid justification for
their own application releases, which are frequent, every month or so.

What is the best security solution that we can provide to them? They also
cite the examples of eBay and other big sites: how do they manage security
testing of applications for which they push updates every night?

Any possible process/procedure/solutions/suggestions are welcome.
