Creating a Security Test Environment?
Enderandrew writes "Our IT department has been tasked with creating a list of authorized software, and only allowing software to be added to such a list after it has been thoroughly tested. In theory that sounds like a great idea — but how should we test apps to make sure they are secure? We have tools to scan internal websites, and we use MBSA for our Windows servers. However, I'm turning to Slashdot to ask what are the best methods for creating a test environment where I can analyze apps for security vulnerabilities. We're a multi-platform shop, but my main concern is with Windows apps."
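One concrete way to build the kind of test environment the submitter is asking about, added here as an example and not taken from the post or from any Slashdot reply: install the candidate application in a throwaway Windows VM and diff the machine's security-relevant state before and after the install. The script below (hypothetical name App-Snapshot.ps1) records services, non-disabled scheduled tasks, listening TCP ports with their owning image, the common Run/RunOnce autorun keys, and SHA-256 hashes of files under the program directories and the driver directory, then reports what the installer added or removed and whether new executables and drivers carry a valid Authenticode signature. It assumes Windows 8 / Server 2012 or later with PowerShell 4 or newer (for Get-NetTCPConnection, Get-ScheduledTask and Get-FileHash), an elevated prompt, and a VM you can revert afterwards; the output directory and file naming are my own choices.

```powershell
# Added example, not from the original post. Snapshot a throwaway Windows VM before
# and after installing a candidate application, then diff the two snapshots.
# Assumes Windows 8 / Server 2012+ with PowerShell 4+ and an elevated session.
#
# Usage:  .\App-Snapshot.ps1 -Phase before -Name acme
#         <install the application, reboot if the installer asks for it>
#         .\App-Snapshot.ps1 -Phase after  -Name acme
#         .\App-Snapshot.ps1 -Phase diff   -Name acme
param(
    [Parameter(Mandatory)][ValidateSet('before','after','diff')][string]$Phase,
    [Parameter(Mandatory)][string]$Name,
    [string]$OutDir = "$env:USERPROFILE\appsnap"   # assumed location for the snapshots
)

New-Item -ItemType Directory -Force -Path $OutDir | Out-Null
$Sep = "`t"   # tab-separated records so paths containing spaces survive the round trip

function Get-Snapshot {
    # Services: name, start mode, account and binary path. New services running as
    # LocalSystem, or with unquoted paths containing spaces, deserve a closer look.
    Get-CimInstance Win32_Service | ForEach-Object {
        'SERVICE', $_.Name, $_.StartMode, $_.StartName, $_.PathName -join $Sep
    }
    # Scheduled tasks that are not disabled, with the principal they run as.
    Get-ScheduledTask | Where-Object State -ne 'Disabled' | ForEach-Object {
        'TASK', ($_.TaskPath + $_.TaskName), $_.Principal.UserId -join $Sep
    }
    # Listening TCP ports and the image that owns each listener.
    Get-NetTCPConnection -State Listen | ForEach-Object {
        $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
        'LISTEN', "$($_.LocalAddress):$($_.LocalPort)", $_.OwningProcess, $proc.Path -join $Sep
    }
    # Common autorun keys (persistence added by the installer shows up here).
    $runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
               'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
               'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
    foreach ($k in $runKeys) {
        if (Test-Path $k) {
            (Get-ItemProperty $k).PSObject.Properties |
                Where-Object { $_.Name -notlike 'PS*' } |   # drop the PSPath/PSDrive noise
                ForEach-Object { 'AUTORUN', "$k\$($_.Name)", $_.Value -join $Sep }
        }
    }
    # Files under the program directories and the driver directory, with SHA-256.
    $roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}, "$env:SystemRoot\System32\drivers") |
        Where-Object { $_ }   # ProgramFiles(x86) is absent on 32-bit Windows
    Get-ChildItem -Path $roots -Recurse -File -ErrorAction SilentlyContinue | ForEach-Object {
        $hash = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue).Hash
        'FILE', $_.FullName, $hash -join $Sep
    }
}

function Compare-Snapshots {
    $before = Get-Content "$OutDir\$Name-before.txt"
    $after  = Get-Content "$OutDir\$Name-after.txt"
    Compare-Object -ReferenceObject $before -DifferenceObject $after | ForEach-Object {
        $tag    = if ($_.SideIndicator -eq '=>') { 'ADDED' } else { 'REMOVED' }
        $fields = $_.InputObject -split $Sep
        $line   = "$tag$Sep$($_.InputObject)"
        # For newly added executables and drivers, record the Authenticode signature status.
        if ($tag -eq 'ADDED' -and $fields[0] -eq 'FILE' -and $fields[1] -match '\.(exe|dll|sys)$') {
            $sig = Get-AuthenticodeSignature -LiteralPath $fields[1] -ErrorAction SilentlyContinue
            $line += "${Sep}sig=$($sig.Status) signer=$($sig.SignerCertificate.Subject)"
        }
        $line
    }
}

switch ($Phase) {
    'before' { Get-Snapshot | Sort-Object | Set-Content "$OutDir\$Name-before.txt" }
    'after'  { Get-Snapshot | Sort-Object | Set-Content "$OutDir\$Name-after.txt" }
    'diff'   { Compare-Snapshots | Tee-Object -FilePath "$OutDir\$Name-diff.txt" }
}
```

The diff is the review artifact: new LISTEN lines mean the application opened a network service, new SERVICE or TASK lines running as LocalSystem or an administrator are elevation surface, AUTORUN lines are persistence, and FILE lines whose signature is not `Valid` are binaries you cannot attribute to the vendor. Run the same three phases once more against an uninstall to see what the vendor leaves behind, and revert the VM between candidates so one application's changes are never mistaken for another's.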
You can't even be sure when you have the source code.
Tell the folks who want this list that you must trust someone at some point and that will always leave you vulnerable.
My brother is high up in the military and complains about this 'seal of approval' constantly. Microsoft salespeople and others will constantly send their products to get 'evaluated' and get the seal of approval the next day, as if someone can evaluate their product in 24 hours. Whereas other products that are open source or actually supply the source code can take MONTHS!
It's totally arbitrary and has very little to do with security.
This is my sig. There are many like it but this one is mine.