Security Foundations for Software Testing
Description
Security testing is a type of software testing that allows you to uncover potential vulnerabilities or weaknesses. These weaknesses lead to security risks that could impact the system, data, or users.
Just as software testing is performed to check that the software is working as expected, security testing is performed to tell whether the software can be misused or exploited to make it do something it shouldn’t, such as give you more data or access than you should have, or make the systems unreliable or unavailable.
In this course, we’re going to learn a bit more about what security testing is, and specifically how we can integrate it into every aspect of our software development lifecycle.
Duration
Takes approximately 1 hour to complete
Certification
Course Objectives
Build a solid security testing foundation by introducing concepts, terminologies, and ways of thinking that may be new to you.
Understand the value of security testing and see where it can fit in our software development lifecycle.
Review some common types of security testing, when they should take place, who should be involved, and what tools can help.
Identify different challenges and strategies that you can use to create test cases to help you test functionality for security weaknesses.
Identify techniques for actioning your test outcomes and working as a team to find solutions.
Syllabus
Module 1: Introduction and the value of security testing
Benefits of security testing
Where security testing can fit into the software development lifecycle
Module 2: Types of security testing
Understand some common types of security testing
Learn why it’s done, who does it, and when it takes place in the software development lifecycle
Highlight some advantages and disadvantages of certain types of security testing
Compare and contrast a few security tests that seem really similar
Learn some common security testing methodologies, how they differ, and how they can be applied to your testing practice
Module 3: Planning your test cases
How to expand your functional test cases to include security testing
Apply some practical examples and exercises to practice functional security testing
Understand how to get the most out of exploratory security testing
Module 4: Challenges with security testing
What some of the most common challenges are
Introduce tips and techniques to overcome these challenges
Module 5: Actioning test outcomes
How to communicate the vulnerability and its impact to relevant audiences
Understand the difference between internal and external reporting techniques
Learn how to follow through with the process to make sure issues are resolved and all lessons learned are fed back into the software development lifecycle
Module 6: Security testing tools
Some handy resources to review and bookmark in your favorite browser
Introduction to some common security testing tools