It is generally agreed that the cost will be higher if we postpone security testing until after the software implementation stage or after deployment. It is therefore important to include security testing in the earlier stages of the SDLC.
Let's look at the corresponding security processes to be adopted for each stage of the SDLC:
| SDLC Phases | Security Processes |
|---|---|
| Requirements | Security analysis of the requirements and checking of misuse/abuse cases |
| Design | Security risk analysis of the design. Development of a test plan that includes security tests |
| Coding and Unit Testing | Static and dynamic testing and security white box testing |
| Integration Testing | Black box testing |
| System Testing | Black box testing and vulnerability scanning |
| Implementation | Penetration testing, vulnerability scanning |
| Support | Impact analysis of patches |
The test plan should include:
- Security-related test cases or scenarios
- Test data related to security testing
- Test tools required for security testing
- Analysis of the test outputs from the various security tools