Principles of Testing - Coggle Diagram
Principles of Testing
Understand the Subject
The architecture, data-flow diagrams, use cases, etc.
The technical specification and application documents should list not only the desired use cases but also any specifically disallowed use cases, so testers know what the application must refuse to do
Have at least a basic security infrastructure that allows the monitoring and trending of attacks against an organization’s applications and network
Think Strategically, Not Tactically
The patch-and-penetrate model involves fixing a reported bug without properly investigating its root cause, so the same class of flaw tends to reappear elsewhere. This model is usually associated with the window of vulnerability, also referred to as the window of exposure: the period during which a known flaw remains exploitable before a fix is deployed
The SDLC is King
Each phase has security considerations that should become part of the existing process, to ensure a cost-effective and comprehensive security program.
Test Automation
Effort should be put into integrating security tests into continuous integration/continuous deployment (CI/CD) workflows in order to maintain baseline security information/analysis on every build and to identify "low hanging fruit" weaknesses early
Use the Right Tools
Scanners, proxies and other automated tools can simplify and speed up the security process by assisting security personnel in their tasks, but they remain tools: the tester must understand what they check and what they miss
Document the Test Result
It is important to produce a formal record of what testing actions were taken, by whom, when they were performed, and details of the test findings
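The following is an added example, not part of the original Coggle diagram or of any referenced project, covering the "Test Automation" and "Document the Test Result" nodes together: a small security gate of the kind one would run in a CI/CD job. It checks a set of HTTP response headers against a few baseline rules, compares the findings with the findings accepted in an earlier run (the baseline) so that only new weaknesses fail the build, and writes a formal record of what was tested, by whom, when, and what was found. The endpoints, header values, tester name and build label are constructed sample data; the check identifiers (`missing-hsts`, `missing-csp`, ...) are hypothetical names chosen for this example.

```python
"""Hypothetical CI security gate: header checks, baseline diff, test record."""
import json
from datetime import datetime, timezone

# Constructed sample: response headers "captured" from three endpoints of a
# fictional application. Not real data.
SAMPLE_RESPONSES = {
    "/login": {
        "Content-Type": "text/html",
        "Strict-Transport-Security": "max-age=31536000",
        "X-Content-Type-Options": "nosniff",
        "Set-Cookie": "session=abc; Path=/",
    },
    "/api/users": {
        "Content-Type": "application/json",
        "Strict-Transport-Security": "max-age=31536000",
        "X-Content-Type-Options": "nosniff",
        "Content-Security-Policy": "default-src 'none'",
    },
    "/static/app.js": {
        "Content-Type": "application/javascript",
        "Server": "ExampleServer/1.2.3",
    },
}

# Findings already known and accepted after an earlier run (the baseline).
# Anything not listed here is a regression and fails the gate.
BASELINE = {
    ("/static/app.js", "missing-hsts"),
    ("/static/app.js", "missing-nosniff"),
    ("/static/app.js", "server-version-disclosed"),
}


def check_response(path, headers):
    """Return a list of (path, check_id) findings for one response."""
    findings = []
    h = {k.lower(): v for k, v in headers.items()}
    if "strict-transport-security" not in h:
        findings.append((path, "missing-hsts"))
    if h.get("x-content-type-options", "").lower() != "nosniff":
        findings.append((path, "missing-nosniff"))
    # CSP matters for HTML documents; skip for JSON/JS responses.
    if h.get("content-type", "").startswith("text/html") and "content-security-policy" not in h:
        findings.append((path, "missing-csp"))
    if "/" in h.get("server", ""):  # "Product/1.2.3" style version string
        findings.append((path, "server-version-disclosed"))
    cookie = h.get("set-cookie")
    if cookie is not None:
        attrs = {a.strip().split("=")[0].lower() for a in cookie.split(";")[1:]}
        if "secure" not in attrs:
            findings.append((path, "cookie-missing-secure"))
        if "httponly" not in attrs:
            findings.append((path, "cookie-missing-httponly"))
    return findings


def run_gate(responses, baseline):
    """Run every check, then diff against the baseline.

    'new' findings fail the build; 'fixed' are baseline entries no longer seen,
    so the baseline file can be tightened after the run.
    """
    findings = []
    for path, headers in sorted(responses.items()):
        findings.extend(check_response(path, headers))
    new = sorted(set(findings) - baseline)
    fixed = sorted(baseline - set(findings))
    return {"findings": findings, "new": new, "fixed": fixed, "passed": not new}


def build_record(result, tester, started_at, target):
    """Formal record: what was tested, by whom, when, and with what result."""
    new = set(result["new"])
    return {
        "target": target,
        "tester": tester,
        "started_at": started_at.isoformat(),
        "endpoints_tested": sorted(SAMPLE_RESPONSES),
        "findings": [
            {"path": p, "check": c, "status": "new" if (p, c) in new else "known"}
            for p, c in result["findings"]
        ],
        "fixed_since_baseline": [{"path": p, "check": c} for p, c in result["fixed"]],
        "verdict": "PASS" if result["passed"] else "FAIL",
    }


def main():
    result = run_gate(SAMPLE_RESPONSES, BASELINE)
    record = build_record(result, "jdoe", datetime.now(timezone.utc), "example-app build 123")
    print(json.dumps(record, indent=2))
    return 0 if result["passed"] else 1  # non-zero exit fails the CI job


if __name__ == "__main__":
    raise SystemExit(main())
```

With the constructed data the gate fails: `/login` serves HTML without a Content-Security-Policy and sets a session cookie without `Secure` or `HttpOnly`, none of which is in the baseline, while the three known weaknesses on `/static/app.js` are reported as `known` and do not block the build. The JSON record is the artifact to archive alongside the build so the who/when/what of each run is preserved.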