Are required tools and people available to complete work on schedule?

About the author
Joel Scambray has held diverse roles in information security over a dozen years, including co-author of Hacking Exposed: Windows and Hacking Exposed: Web Applications, senior director of security at Microsoft, co-founder of security technology and service company Foundstone, senior security consultant for Ernst & Young and internationally recognized speaker in both public and private forums. Listen to the supplemental podcast with Joel for more information on security site assessments.

Licensing for any software tools should be obtained specific to client. For example, commercial security vulnerability scanning tools typically require license keys specifically tailored to client IP addresses and/or URLs. Some of the more common tools used in security assessments include network scanners, Web application scanners, host assessment scripts, database analysis software, wireless access point detection gear, fuzzers and source/binary code review software. Specialists/technicians should be available as scheduled to perform their work so that downstream dependencies don't have to wait (e.g., the SQL expert should schedule his analysis so that the dependent Web application security review can also be completed in a timely manner).

This was first published in May 2008

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: