This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit

CRV2 CantHackSecure

Jump to: navigation, search

We cant hack ourselves secure. Penetration testing is generally a point in time test. As source code changes the value of the findings of a penetration test degrade with time. There are also privacy, compliance and stability and availability concerns which are generally not covered by penetration testing. Data information leakage in a cloud environment for example may not be discovered via a penetration test.