Risk-Based Security Testing Strategy

Course Description

Software security is a key element in your assurance and compliance strategy for protecting your applications and critical data. Organizations need applications that not only work correctly under normal use but also continue to work acceptably in the face of malicious attack. Software security testing extends beyond basic functional requirements and is a critical part of a secure software development life cycle. Risk-based security testing is about building confidence that attackers cannot turn security risks into security problems. This course teaches you to think like an attacker when testing your applications.

Course Themes

• Illustrate a white box approach to look inside your code and help you design tests that prevent downstream security problems.
• Recommend strategies for prioritizing risks.
• Suggest methods to bootstrap your test improvement process.
• Provide examples of security defects, and discuss testing strategies to expose those kinds of problems.

Learning Objectives

• Develop a white box testing strategy based on real-world risks to improve where and how testing resources can be focused.
• Describe how to use architecture risk analysis and abuse case artifacts to enhance test plans.
• Use knowledge of common software errors to develop test cases that expose them.
• Strategize ways to integrate risk-based security testing into your SDLC.