Principles of Testing - Coggle Diagram
Think Strategically, Not Tactically
The typical window of vulnerability does not provide enough time for patch installation: the time between a vulnerability being uncovered and an automated attack against it being developed and released is decreasing every year.
Developers can build security into the SDLC by developing standards, policies, and guidelines that fit and work within the development methodology.
The SDLC is King
The SDLC is a process that is well-known to developers. By integrating security into each phase of the SDLC
Understand the Subject
One of the first major initiatives in any good security program should be to require accurate documentation of the application.
The technical specification and application documents should include information that lists not only the desired use cases, but also any specifically disallowed use cases.
Use the Right Tools
While we have already stated that there is no silver bullet tool, tools do play a critical role in the overall security program.
It is important to understand exactly what these tools can and cannot do, so that they are not oversold or used incorrectly.
Develop Metrics
It is important to track the results of testing engagements and develop metrics that will reveal the application security trends within the organization.
Consistent metrics that can be generated in an automated way from available source code will also help the organization in assessing the effectiveness of mechanisms introduced to reduce security bugs in software development.
Test Automation
Integrating security tests into continuous integration/continuous deployment (CI/CD) workflows maintains baseline security information/analysis and identifies "low hanging fruit" type weaknesses.
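The "Develop Metrics" and "Test Automation" nodes above both call for security results that are tracked over time and generated automatically in the pipeline. The script below is an added example (not part of the Coggle diagram or of the OWASP Testing Guide it summarises) of one common way to do that: a CI gate that compares the current scanner output against a stored baseline, fails the build only on new findings at or above a chosen severity, and reports per-severity totals that can be charted as a trend. The scanner output format (JSON records with rule, file and severity keys), the file contents and the severity ranking are all constructed assumptions; real scanners each have their own schema and the fingerprint function would be adapted to it.

```python
"""Baseline-gated security check for a CI/CD stage.

Added example, not code from the original page. Assumes a hypothetical scanner
that emits findings as JSON records with 'rule', 'file' and 'severity' keys;
the records below are constructed sample data, not real scan results.
"""
import json
from collections import Counter

# Constructed baseline: findings already known and tracked by the team.
BASELINE_JSON = json.dumps([
    {"rule": "sql-injection", "file": "app/db.py", "severity": "high"},
    {"rule": "weak-hash", "file": "app/auth.py", "severity": "medium"},
])

# Constructed output of the current run: the two known findings plus one new one.
CURRENT_JSON = json.dumps([
    {"rule": "sql-injection", "file": "app/db.py", "severity": "high"},
    {"rule": "weak-hash", "file": "app/auth.py", "severity": "medium"},
    {"rule": "hardcoded-secret", "file": "app/config.py", "severity": "high"},
])

# Assumed severity ordering; adjust to the scanner's own scale.
SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}


def fingerprint(finding):
    """Identity of a finding across runs; rule plus file is a common choice."""
    return (finding["rule"], finding["file"])


def load(text):
    """Parse scanner output; a real gate would read this from a file or stdin."""
    return json.loads(text)


def new_findings(baseline, current):
    """Findings present now that were not in the baseline."""
    known = {fingerprint(f) for f in baseline}
    return [f for f in current if fingerprint(f) not in known]


def fixed_findings(baseline, current):
    """Baseline findings that no longer appear (useful as a positive trend metric)."""
    present = {fingerprint(f) for f in current}
    return [f for f in baseline if fingerprint(f) not in present]


def metrics(findings):
    """Per-severity counts, the kind of number an organization can trend over time."""
    return dict(Counter(f["severity"] for f in findings))


def gate(baseline_text, current_text, fail_at="high"):
    """Evaluate the current run against the baseline.

    The build is blocked only by new findings at or above 'fail_at', so
    pre-existing debt is tracked rather than making every build red.
    """
    baseline, current = load(baseline_text), load(current_text)
    new = new_findings(baseline, current)
    blocking = [f for f in new
                if SEVERITY_RANK[f["severity"]] >= SEVERITY_RANK[fail_at]]
    return {
        "passed": not blocking,
        "new": new,
        "fixed": fixed_findings(baseline, current),
        "blocking": blocking,
        "totals": metrics(current),
    }


if __name__ == "__main__":
    import sys
    result = gate(BASELINE_JSON, CURRENT_JSON)
    print(json.dumps(result, indent=2))
    # Non-zero exit is what makes the CI stage fail.
    sys.exit(0 if result["passed"] else 1)
```

Run as a pipeline step, the script prints the new, fixed and blocking findings plus the severity totals, and exits non-zero when a new high-severity finding appears. Committing the baseline file and updating it only through review keeps the "known" set honest; the totals and the fixed list are the raw material for the trend metrics the diagram asks for.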