1 / 5

Open Ended Vulnerability Testing Update

Open Ended Vulnerability Testing Update. Nelson Hastings National Institute of Standards and Technology http://vote.nist.gov. Motivation. The VVSG 2.0 provides open ended vulnerability testing (OEVT) as a test methodology

metta
Download Presentation

Open Ended Vulnerability Testing Update

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Open Ended Vulnerability Testing Update Nelson Hastings National Institute of Standards and Technology http://vote.nist.gov

  2. Motivation • The VVSG 2.0 provides open ended vulnerability testing (OEVT) as a test methodology • Update on research related to OEVT to support EAC certification program • Key issues: Cost and Repeatability

  3. Methodologies Flaw hypotheses Security assertion based hypotheses Security fault analysis Ad hoc penetration testing No one methodology is satisfying, use the best aspects of each methodology Research

  4. Keys to Quality OEVT Penetration tester experience and expertise Input to the testing Areas of investigation Allocation of resources Research

  5. Develop OEVT methodology for voting systems Based on best features of the different methodologies How to use a review panel to help uniformity in OEVT Review of OEVT tester qualification Provide input during execution of OEVT Determining resources needed for OEVT Function of system design and implementation quality Function of known vulnerabilities Next Steps

More Related