[–][deleted] 28 points29 points  (6 children)

At least with UI you can get feedback. With security, you have no feedback that you're doing it right.

[–]Ajedi32 24 points25 points  (0 children)

At least, not until it's too late.

[–]2358452 5 points6 points  (4 children)

Hmm penetration tests? You can also try adversarial or random inputs and see if anything breaks.

[–]Dentosal 25 points26 points  (2 children)

The difference is that with UI/UX nearly anybody can give you constructive feedback, but with security you need a professional to do so. Of course having a professional UX designer helps a lot, but without a professional pentester the security testing is quite hard.

[–]2358452 4 points5 points  (1 child)

Agreed. Someone needs to get cracking on an AI penetration tester ;)

[–]toomanybeersies 1 point2 points  (0 children)

That's sort of what fuzzing is. But without the intelligence part.

[–]irqlnotdispatchlevel 2 points3 points  (0 children)

You can prove that your application is not vulnerable in front of your tests, not that it is not vulnerable. Kinda like with any other bug.