From the course: Programming Foundations: Secure Coding

Embrace security in testing

- In my mind, no single aspect of the SDLC can have as much impact as testing. Unfortunately, no single aspect of the SDLC is ignored as much as testing. Testing for security is no exception; in fact, it may be even worse. There are three key strategies to testing for security. The first strategy is to leverage attack trees. As a team, you will design user personas and attack trees that give you step-by-step attack vectors against your application. You can then weigh the likelihood of these attacks and the risks presented by them. Once you have this information, you are given an ordered list of scenarios that should be mitigated. You then write tests to confirm the mitigations are in place. This testing is highly effective in assuring that your controls are in place correctly to help protect your system. These tests, if properly automated, can then be run on every build and every release. Now, keep in mind these trees do change over time, so your scenarios and tests will also have to…
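The attack-tree workflow described above, as an added example that is not part of the course material: leaf likelihoods are propagated through AND/OR gates, scenarios are ranked by likelihood times impact, and ranked scenarios with no mitigation test are reported so a build can fail on them. The tree contents, scores, test names, the independence of steps and the likelihood-times-impact scoring are all assumptions made for illustration.

```python
from dataclasses import dataclass, field
from math import prod

@dataclass
class Node:
    name: str
    gate: str = "LEAF"        # "LEAF", "OR" (any child works) or "AND" (all needed)
    likelihood: float = 0.0   # leaves only: the team's estimate, 0..1
    children: list = field(default_factory=list)

def likelihood(node):
    """Propagate leaf estimates to the root, assuming independent steps."""
    if node.gate == "LEAF":
        return node.likelihood
    probs = [likelihood(c) for c in node.children]
    if node.gate == "AND":
        return prod(probs)
    return 1 - prod(1 - p for p in probs)   # OR: at least one branch succeeds

def ranked_scenarios(goals):
    """goals: list of (root Node, impact 1..5). Returns names, highest risk first."""
    scored = [(likelihood(root) * impact, root.name) for root, impact in goals]
    return [name for _, name in sorted(scored, reverse=True)]

def missing_tests(goals, tests):
    """Ranked scenarios with no mitigation test registered (tests: name -> test ids)."""
    return [name for name in ranked_scenarios(goals) if not tests.get(name)]

# Constructed sample trees; every name and number below is hypothetical.
GOALS = [
    (Node("Deface public page", "OR", children=[
        Node("CMS admin login left at default", likelihood=0.1)]), 2),
    (Node("Take over a user account", "OR", children=[
        Node("Weak password guessed", likelihood=0.3),
        Node("Session hijacked", "AND", children=[
            Node("Session token exposed", likelihood=0.2),
            Node("Token still valid after logout", likelihood=0.5)])]), 5),
    (Node("Read another tenant's records", "AND", children=[
        Node("Attacker holds any valid tenant login", likelihood=0.9),
        Node("Record ID not checked against owner", likelihood=0.25)]), 4),
]
# Hypothetical registry mapping each scenario to its automated mitigation tests.
TESTS = {"Take over a user account": ["test_lockout_after_failed_logins",
                                      "test_token_rejected_after_logout"]}

if __name__ == "__main__":
    print("Priority order:", ranked_scenarios(GOALS))
    print("No mitigation test yet:", missing_tests(GOALS, TESTS))
```

Because the trees change over time, re-running the ranking on each revision shows whether a newly added branch has pushed an untested scenario up the list.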
