Tag: penetration testing

Security bugs are fundamentally different than quality bugs

Posted on by Leave a comment

This topic has come up a few times this year in question period: arguments that quality bugs and security bugs ‘have equal value’, that security testing and QA are ‘the same thing’, that security testing should ‘just be performed by QA’ and that ‘there’s no specific skillset’ required to do security testing versus QA. This…

Continue reading Security bugs are fundamentally different than quality bugs

VAs, Scans and PenTests; not the same thing

Posted on by Leave a comment

I’d like to define a couple of subjects that seem to be confused often in the industry of application security; Vulnerability Assessment (VA), Vulnerability Scan (VA Scan) and Penetration Test (PenTest). They are often used interchangeably, and the differences do not seem to be well-understood; I have seen this misunderstanding used against many clients who…

Continue reading VAs, Scans and PenTests; not the same thing