Risk-Based Security Testing Strategy

Course Description

Software security is a key element in your assurance and compliance strategy for protecting your applications and critical data. Organizations need applications that not only work correctly under normal use, but also continue to work acceptably in the face of malicious attack. Software security testing extends beyond basic functional requirements and is a critical part of a secure software development life cycle. Risk-based security testing is about building confidence that attackers cannot turn security risks into security problems. This course teaches you to think like an attacker when testing your applications.

Course Themes

  • Illustrate a white-box approach to look inside your code and help you design tests that prevent downstream security problems
  • Recommend strategies for prioritizing risks
  • Suggest methods to bootstrap your test improvement process
  • Provide examples of security defects and discuss testing strategies to expose those kinds of problems

Learning Objectives

  • Develop a white-box testing strategy based on real-world risks to improve where and how testing resources can be focused
  • Describe how to use architecture risk analysis and abuse case artifacts to enhance test plans
  • Use knowledge of common software errors for developing test cases to expose them
  • Strategize ways to integrate risk-based security testing into your SDLC

Course Outline

Improving Your Test Strategy

  • Software Security
  • Software Security Testing

Adding Risk-Based Security Testing

  • Starting Risk-Based Security Testing
  • Adding Risk-Based Security Testing

Security Coding Error Testing Approach

  • Security Coding Error Test Approach
  • Conclusion


Delivery Format: eLearning

Duration: 3 Hours

Level: Advanced

Intended Audience:

  • Developers
  • QA Engineers
  • Application Security Specialists

Competencies: Understanding of security risks, attack patterns, and code as part of testing