The Problems of Security Testing and Unmanageable Reports
I’d like to talk a little bit about security testing, the problem of information overload and issue prioritisation. To do this, I intend to broadly discuss some of the problems with the various security testing options available to organisations.
I’ve written about some related things before, if you’d like a warm-up:
- Vulnerability Assessments vs Penetration Tests.
- Security is Hard: Why are you laughing
- Security is Hard: Where do I start
However, I’d like to look at security a little more strategically today and discuss the wider problems with security testing. The discussion centres on the idea that there are three main problems with the way companies approach security testing: