Added-value of high level security evaluation methodology versus Push-button testing

Added-value of high level security evaluation methodology versus Push-button testing

This white paper deals with current practices used in high level security evaluation methodology concerning vulnerability assessment, penetration testing and attack rating. It is compared to the trend in Common Criteria to use push-button testing usually applied in low level security evaluation methodology.

It does not argue against automated testing but clarifies what both approaches can provide as assurance and what are the limitations.

pentesting1