Paco Hope is a Principal Consultant with Cigital, Inc. and has 12 years of experience in security on mobile, embedded, and web platforms. He has led numerous engagements assessing source code and implementations of mobile phones, lottery systems, casino gaming devices, smart cards and web applications. He is the co-author of The Web Security Testing Cookbook and Mastering FreeBSD and OpenBSD Security. Mr. Hope also serves on the Application Security Advisory Board of (ISC)², acting as a subject matter expert for the Certified Information Systems Security Professional (CISSP) and the Certified Secure Software Lifecycle Professional (CSSLP).
Risk-based security testing
Risk-based security testing is about ensuring that we have achieved our software's mission without introducing undue risks to the business. Whereas functional and non-functional testing focus on mapping tests to requirements, risk-based testing maps its activities to the risks we face if our software fails.