0

Open-Source Security Testing Methodology (OSSTMM): can this testing methodology be applied to software applications to test their security concerns?

Sudantha

1 Answer

1

Yes, it can. The elements of the OSSTMM for measuring the attack surface are completely applicable to code. You should check out the SCARE project, which is the Source Code Analysis Risk Evaluation. It shows how one can measure the operational attack surface from the source code. It's available at http://www.isecom.org/scare

pete