Security Testing

Describes some of the issues involved in testing the various interfaces through which software communicates with its environment. These include:

  • Identification of architectural, design, and implementation risks
  • Risk-driven test creation
  • Dependency attacks
  • User interface attacks
  • File system attacks
  • Design attacks
  • Implementation attacks
  • Penetration testing
  • Static vulnerability scanning
  • Test coverage
  • Test depth analysis

The primary objective is to improve understanding of some of the processes of security testing, such as test vector generation, test code generation, results analysis, and reporting. This will help testers improve test vector generation and increase confidence in tests of security function behavior.