by sillysaurus3
3261 days ago
You can't really fail an audit though. The point of an audit is to make your application more secure. Using terms like pass/fail just reinforces a sense of fear where there shouldn't be any. A pentest consists of an analysis period, typically about a week. Then any flaws in your app are communicated to you, along with steps to reproduce them. When you feel you've fixed the issues, a retest is scheduled and the pentesters verify that each flaw has been fixed. A healthy application is one that's pentested on a regular basis. Ideally after every release, though only big companies can afford that.

I see, that's a good point I hadn't considered.