Software Security Testing
- Tags
- security
Testing software systems to ensure they meet the security obligations of the system.
Most defensive security mechanisms are reactive: they respond to known threats but don't seek out and try to discover possible threats. We [see page 7, need] to be proactive.
The Dilemma
We can only ever [see page 4, have] 2 of:
- Usability - The system does what's expected of it.
- Security - The system is secure to use.
- Cost Effectiveness - The system is cost effective to build/maintain.
Comparison to Regular Testing
Testing for security, as opposed to testing for functionality, has different [see page 6, aims]:
- Functionality testing asserts the right behaviour for the happy flow.
- Security testing looks for wrong/unwanted behaviour for really strange inputs.
Normal system use reveals functional problems but not security problems:
Users will complain about functional problems. Hackers won't complain about security problems.
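The contrast above can be made concrete with a small added example (not from the original notes). A hypothetical `parse_port` function is written twice: a naive version that leans on Python's `int()`, and a strict version that only accepts ASCII digits. The functional test checks the happy flow and passes for both; the security-style test feeds constructed "strange" inputs (surrounding whitespace, a sign, an underscore, non-ASCII Unicode digits, a trailing newline) and reports which ones the parser silently accepted instead of rejecting. All inputs and expected values here are constructed for the example.

```python
import re
from typing import Callable, List

# Naive parser: satisfies the happy-flow test, but int() is more permissive
# than most people expect (it strips whitespace, accepts "+", "_" separators
# and any Unicode decimal digit, not just ASCII 0-9).
def parse_port_naive(text: str) -> int:
    port = int(text)
    if not 1 <= port <= 65535:
        raise ValueError("port out of range")
    return port

# Strict parser: the input must be 1-5 ASCII digits and nothing else.
# Note that [0-9] matches only ASCII, whereas \d would also match Unicode digits.
_PORT_RE = re.compile(r"[0-9]{1,5}")

def parse_port_strict(text: str) -> int:
    if not isinstance(text, str) or not _PORT_RE.fullmatch(text):
        raise ValueError("port must be 1-5 ASCII digits")
    port = int(text)
    if not 1 <= port <= 65535:
        raise ValueError("port out of range")
    return port

# Constructed happy-flow cases: what functionality testing checks.
HAPPY_INPUTS = {"80": 80, "8080": 8080, "65535": 65535}

# Constructed "strange" inputs: a security test expects every one to be rejected.
STRANGE_INPUTS = [
    "",                 # empty
    " 80", "80 ",       # surrounding whitespace
    "+80", "-80",       # explicit sign
    "0x50",             # hex notation
    "8_0",              # digit-group separator
    "\u0668\u0660",     # Arabic-Indic digits for 8 and 0 (int() accepts these)
    "80\n",             # trailing newline
    "1e2",              # scientific notation
    "80\x00",           # embedded NUL
    "9" * 100,          # absurdly long
    "80.0",             # float syntax
]

def functional_test(parser: Callable[[str], int]) -> bool:
    """Happy flow: every well-formed input parses to the expected port."""
    return all(parser(s) == port for s, port in HAPPY_INPUTS.items())

def security_test(parser: Callable[[str], int]) -> List[str]:
    """Return the strange inputs the parser accepted instead of raising ValueError."""
    accepted = []
    for s in STRANGE_INPUTS:
        try:
            parser(s)
        except ValueError:
            continue
        accepted.append(s)
    return accepted

if __name__ == "__main__":
    for name, parser in (("naive", parse_port_naive), ("strict", parse_port_strict)):
        print(f"{name}: functional={functional_test(parser)} "
              f"accepted strange inputs={security_test(parser)!r}")
```

Both parsers pass the functional test, so normal use never reveals the difference; only the strange-input test shows that the naive version accepts six of the thirteen malformed strings. The design point is that a security test enumerates what must be rejected, not only what must be accepted.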
Security Testing Methods
Divided into two sub-categories: