Pen testing and the Secure Software Development Lifecycle

Penetration (or pen) testing is an example of a black-box DAST (Dynamic Application/Analysis Security Test). It involves software security experts trying to exploit application code, either manually or automatically. Although it is a traditional approach to software security, and one that provides no direct insight into the application source code, pen testing remains relevant despite the advent of the "shift left" paradigm. Here's why it remains a key component of the Secure Software Development Lifecycle (SSDLC).