Security Foundations for Software Testing

  • Takes approximately 1.5 hours to complete

Description

Security testing is a type of software testing that allows you to uncover potential vulnerabilities or weaknesses. These weaknesses lead to security risks — which could impact the system, data, or users.

Just as software testing is performed to check that the software is working as expected, security testing is performed to tell if the software can be misused or exploited to make it do something it shouldn’t, such as give you more data or access than you should have, or make the systems unreliable or unavailable.

In this course, we’re going to learn a bit more about what security testing is, and specifically how we can integrate it into every aspect of our software development life cycle.

This is a foundations course, and we will go into more detail on specific aspects of security testing in later courses.

Course objectives

  • Build a solid security testing foundation by introducing concepts, terminologies, and ways of thinking that may be new to you.
  • Understand the value of security testing and see where it can fit in our software development lifecycle.
  • Review some common types of security testing, when they should take place, who should be involved, and what tools can help.
  • Identify different challenges and strategies that you can use to create test cases to help you test functionality for security weaknesses.
  • Identify techniques for actioning your test outcome, and working as a team to find solutions.

Modules

Module 1: Introduction and the value of security testing

  • Benefits of security testing
  • Where security testing can fit into the software development lifecycle

Module 2: Types of security testing

  • Understand some common types of security testing
  • Learn why it’s done, who does it, and when it takes place in the software development lifecycle
  • Highlight some advantages and disadvantages of certain types of security testing
  • Compare and contrast a few security tests that seem really similar
  • Learn some common security testing methodologies, how they differ, and how they can be applied to your testing practice

Module 3: Planning your test cases

  • How to expand your functional test cases to include security testing
  • Apply some practical examples and exercises to practice functional security testing
  • Understand how to get the most out of exploratory security testing

Module 4: Challenges with security testing

  • What some of the most common challenges are
  • Introduce tips and techniques to overcome these challenges

Module 5: Actioning test outcomes

  • How to communicate the vulnerability and its impact to relevant audiences
  • Understand the difference between internal and external reporting techniques
  • Learn how to follow through with the process to make sure issues are resolved and all lessons learned are fed back into the software development lifecycle

Module 6: Security testing tools

  • Some handy resources to review and bookmark in your favorite browser
  • Introduction to some common security testing tools
