Code tests verify that software is functioning properly and are a critical step in the development of secure code. In this video, learn about the two major types of code testing: static and dynamic testing. Also, learn how these tests may be conducted in a manual or automated fashion, and about the use of synthetic transactions.
- [Instructor] Code tests verify that software is functioning properly, and these tests are a critical step in the development of secure code. While code reviews play an important role in software security, reviews involve developers examining code and inspecting it for defects. Code tests go beyond code reviews and use technology to assist in the code inspection process. It's common for organizations to use both code tests and code reviews on the same software to gain different perspectives on software quality and security.
There are two main types of code testing: static tests and dynamic tests. In a static code test, developers use specialized testing software to examine the code for common defects. The code doesn't actually get executed during a static test, but it is examined for common errors, and those errors are reported as defects that require correction. You can think of static code tests as the automated version of a code review.
In a dynamic code test, the testing software actually executes the code.
Find the companion study books at the Sybex test prep site and review the complete CISSP Body of Knowledge at https://www.isc2.org/cissp-domains/default.aspx.
Note: This course is part of a series releasing throughout 2018. A completed Learning Path of the series will be available once all the courses are released.
- Using security assessment tools
- Scanning for vulnerabilities
- Threat assessment techniques
- Performing penetration testing
- Reviewing monitor logs
- Performing code reviews
- Performing fuzz testing and misuse case testing
- Analyzing coverage
- Assessing disaster recovery sites and backups
- Testing BC/DR plans
- Collecting security process data and metrics
- Auditing and control management