Security Testing
Also Known As
- Automated Security Testing (in DevOps)
- Build Quality In (in Lean Software Development)
- Penetration Testing
- Security Assessment
- Vulnerability Testing
Related
Addresses / Mitigates
- Security Risk: Identifies and addresses vulnerabilities in the software.
- Operational Risk: Ensures the software can withstand security threats and attacks.
- Contextual Risk: Helps ensure compliance with security standards and regulations.
Attendant Risks
- Schedule Risk: Security testing can be time-consuming, impacting schedules.
- Complexity Risk: Requires specialized skills and tools, adding complexity.
- Staff Risk: Requires security experts.
Used By
- DevOps: Security as Code and Automated Security Testing integrate security practices into the DevOps pipeline.
- Lean Software Development: Lean ensures that security is built into the product from the beginning.
Description
"Security testing is a process intended to reveal flaws in the security mechanisms of an information system that protect data and maintain functionality as intended." - Security testing, Wikipedia
Security Testing involves assessing the security of software applications to identify vulnerabilities and to ensure the applications are protected against threats and attacks. This practice is essential for maintaining the integrity, confidentiality, and availability of software systems.
See Also
DevOps
A set of practices that combines software development (Dev) and IT operations (Ops) to shorten the development lifecycle and provide continuous delivery with high software quality.
Lean Software Development
An Agile software development methodology that emphasizes eliminating waste, building quality in, creating knowledge, deferring commitment, delivering fast, respecting people, and optimizing the whole.