U.S. Flag Official website of the Department of Homeland Security

Note: This page is part of the us-cert.gov archive.This document is part of the US-CERT website archive. These documents are no longer updated and may contain outdated information. Links may also no longer function. Please contact info@us-cert.gov if you have any questions about the US-CERT website archive.


Security Testing

Describes some of the issues involved in testing the various interfaces through which software communicates with its environment. These include:

  • Identification of architectural, design, and implementation risks
  • Risk-driven test creation
  • Dependency attacks
  • User Interface attacks
  • File system attacks
  • Design attacks
  • Implementation attacks
  • Penetration testing
  • Static vulnerability scanning
  • Test coverage
  • Test depth analysis

The primary objective is to improve the understanding of some of the processes of security testing, such as test vector generation, test code generation, results analysis, and reporting. This will help testers to improve the generation of test vectors and increase confidence in the tests of security function behaviors.

Title Updated datesort ascending
Risk-Based and Functional Security Testing 2013-07-05
Back to Top