April 23, 2008
One of the best ways for network administrators to feel confident is to have their networks deliberately attacked, and to survive. This explains the popularity of penetration testing (asking an expert to try to penetrate your networks). Recently, Q-CERT has been developing a more general methodology for assessing weaknesses in a software system. The System-Security Assessment Process, or S-SAP, builds on commonly used standards such as OSSTMM and OWASP, incorporating them into a unified, rationalized framework. In the coming weeks, we will present more detailed information on the methodology, but we start the series with an overview of S-SAP.