Can anyone tell me if there is any difference between Web Application Penetration Testing and Software Product Penetration Testing. I mean, nowadays, there is no software product that does not connect to the internet...but still, how does one go about performing penetration testing on a software product like an ERP package or Financial Product or even an Email Client.
I tried Google but to no avail. Couldn't find much.Are there any sites where i can get some detailed info in this regard.
Any help in this regard would be greatly appreciated.
[I'm pretty sure that Notepad does not connect to the internet.] [img]images/icons/wink.gif[/img]
Security testing. At the simplest level, there are two things that you need to know. First, you need to know how the application under test was architected. Without understanding the application architecture, you won't have a good idea of what the potential weaknesses and risks are. This is number two.
"The single biggest problem in communication is the illusion that it has taken place."
-George Bernard Shaw, Irish playwright and Nobel Prize winner, 1856-1950
But what i wanted to know was, are there any known vulnerabilities for Software Products like there are for Web Applications. I know that some of the vulnerabilities are common for both but are there any that are specific to Software Security Testing.