What is it?

Authorized testing of a computer system or network with the intention of finding vulnerabilities. Also called pen testing.

Why is it important?

A cyberattack can harm not only your organization, but also customers, partners, employees, and vendors. Penetration testing can reveal vulnerabilities, suggest improvements to your systems, and reduce risk for your organization. In addition, penetration testing is encouraged and even required by certain industry standards.

...continue reading "Term of the Week: Penetration Testing"

What is it?

A test for security vulnerabilities that looks at the source code or binary of an application without running it.

Why is it important?

Static Application Security Testing (SAST) can be used before an application is executable, enabling early and regular tests for security vulnerabilities. SAST allows developers to fix problems during the development phase of an application and at a much lower cost than when the code is in quality assurance (QA) or production.

...continue reading "Term of the Week: Static Application Security Testing"

What is it?

A formal method to identify, characterize, and prioritize risks and threats, typically with the goal of reducing them. Also known as threat analysis or risk analysis.

Why is it important?

Most software is riddled with vulnerabilities, and software is pervasive in devices such as phones, cars, and voting machines. Threat modeling is one of the most effective ways to avoid and find vulnerabilities.

...continue reading "Term of the Week: Threat Modeling"

What is it?

A systematic investigation of network and system activities and events.

Why is it important?

Auditing evaluates the who, what, where, and when of events on a network, which helps managers identify critical events that may have an impact on their organization.

...continue reading "Term of the Week: Audit"