Security testing is a type of software testing that allows you to uncover potential vulnerabilities or weaknesses. These weaknesses lead to security risks that could impact the system, data, or users.
Just as software testing is performed to check that the software is working as expected, security testing is performed to tell if the software can be misused or exploited to make it do something it shouldn’t, such as giving you more data or access than you should have, or making the systems unreliable or unavailable.
In this course, we’re going to learn a bit more about what security testing is, and specifically how we can integrate it into every aspect of our software development life cycle.
- Build a solid security testing foundation by introducing concepts, terminologies, and ways of thinking that may be new to you.
- Understand the value of security testing and see where it can fit in our software development lifecycle.
- Review some common types of security testing, when they should take place, who should be involved, and what tools can help.
- Identify different challenges and strategies that you can use to create test cases to help you test functionality for security weaknesses.
- Identify techniques for actioning your test outcomes and working as a team to find solutions.
Module 1: Introduction and the value of security testing
- Benefits of security testing
- Where security testing can fit into the software development lifecycle
Module 2: Types of security testing
- Understand some common types of security testing
- Learn why it’s done, who does it, and when it takes place in the software development lifecycle
- Highlight some advantages and disadvantages of certain types of security testing
- Compare and contrast a few security tests that seem really similar
- Learn some common security testing methodologies, how they differ, and how they can be applied to your testing practice
Module 3: Planning your test cases
- How to expand your functional test cases to include security testing
- Apply some practical examples and exercises to practice functional security testing
- Understand how to get the most out of exploratory security testing
Module 4: Challenges with security testing
- What some of the most common challenges are
- Introduce tips and techniques to overcome these challenges
Module 5: Actioning test outcomes
- How to communicate the vulnerability and its impact to relevant audiences
- Understand the difference between internal and external reporting techniques
- Learn how to follow through with the process to make sure issues are resolved and all lessons learned are fed back into the software development lifecycle
Module 6: Security testing tools
- Some handy resources to review and bookmark in your favorite browser
- Introduction to some common security testing tools