Discover the level of security involved in the testing phase in the SDLC.
- In my mind, no single aspect of the SDLC can have as much impact as testing. Unfortunately, no single aspect of the SDLC is ignored as much as testing. Testing for security is no exception; in fact, it may be even worse. There are three key strategies to testing for security. The first strategy is to leverage attack trees.
As a team, you will design user personas and attack trees that give you step-by-step attack vectors against your application. You can then weigh the likelihood of these attacks and the risks presented by them. Once you have this information, you are given an ordered list of scenarios that should be mitigated. You then write tests to confirm the mitigations are in place.
This testing is highly effective in assuring that your controls are in place correctly to help protect your system. These tests, if properly automated, can then be run on every build and every release. Now, keep in mind these trees do change over time, so your scenarios and tests will also have to change. The next strategy is to leverage the risk register.
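The attack-tree strategy described above, worked through as an added example that is not part of the course or its author's material. It builds a small tree with OR gates (any child path suffices) and AND gates (every child step is needed), enumerates the attacker's scenarios, weighs each by estimated likelihood and impact to produce the ordered list of scenarios to mitigate, and then runs one mitigation check per controlled step against a snapshot of a build, the kind of check that could run on every release. The tree, its node names, the likelihood and impact figures, the `CHECKS` table and the `BUILD_SNAPSHOT` are all constructed for illustration and do not describe any real application.

```python
"""Attack-tree scenario ranking and mitigation checks.

Added example, not material from the course or its author. Every node name,
probability, impact and deployment setting below is constructed.
"""
from dataclasses import dataclass, field
from itertools import product
from math import prod
from typing import Callable, Dict, List, Tuple


@dataclass
class Node:
    name: str
    gate: str = "LEAF"          # "LEAF", "OR" (any child suffices), "AND" (all children needed)
    likelihood: float = 0.0     # LEAF only: estimated chance an attacker completes this step
    children: List["Node"] = field(default_factory=list)


@dataclass
class Scenario:
    steps: List[str]            # leaf steps the attacker must all complete
    likelihood: float           # product of the steps' likelihoods
    impact: int                 # 1 (low) .. 5 (critical): damage if the goal is reached

    @property
    def risk(self) -> float:
        return self.likelihood * self.impact


def scenarios(node: Node, impact: int) -> List[Scenario]:
    """Enumerate every distinct set of leaf steps that reaches the goal.

    LEAF: the step itself.  OR: the union of the children's scenarios.
    AND: the cross product of the children's scenarios, concatenated,
    with likelihoods multiplied because every step must succeed.
    """
    if node.gate == "LEAF":
        return [Scenario([node.name], node.likelihood, impact)]
    if node.gate == "OR":
        return [s for child in node.children for s in scenarios(child, impact)]
    if node.gate == "AND":
        out = []
        for combo in product(*(scenarios(child, impact) for child in node.children)):
            steps = [step for s in combo for step in s.steps]
            out.append(Scenario(steps, prod(s.likelihood for s in combo), impact))
        return out
    raise ValueError(f"unknown gate {node.gate!r} on node {node.name!r}")


def ranked(node: Node, impact: int) -> List[Scenario]:
    """The ordered list of scenarios to mitigate, highest risk first."""
    return sorted(scenarios(node, impact), key=lambda s: s.risk, reverse=True)


# Constructed attack tree for a hypothetical web app.  Goal: read another
# user's records.  Likelihoods are the team's estimates, not measurements.
GOAL_IMPACT = 4
STEAL_RECORDS = Node("read another user's records", "OR", children=[
    Node("IDOR on /api/records/{id}", likelihood=0.6),
    Node("session takeover", "AND", children=[
        Node("obtain session cookie", "OR", children=[
            Node("XSS in profile page", likelihood=0.3),
            Node("cookie sniffed over HTTP", likelihood=0.1),
        ]),
        Node("replay cookie from another device", likelihood=0.9),
    ]),
])

# One mitigation check per attack step that has a control.  Each takes a
# snapshot of what a build exposes and returns True when the control holds.
Deployment = Dict[str, object]
CHECKS: Dict[str, Callable[[Deployment], bool]] = {
    "IDOR on /api/records/{id}":
        lambda d: d["records_handler_checks_owner"] is True,
    "cookie sniffed over HTTP":
        lambda d: {"Secure", "HttpOnly"} <= d["session_cookie_flags"],
}

# Constructed snapshot of one build: the owner check is in place, but the
# session cookie still lacks the Secure flag and no check covers XSS.
BUILD_SNAPSHOT: Deployment = {
    "records_handler_checks_owner": True,
    "session_cookie_flags": {"HttpOnly"},
}


def verify(node: Node, impact: int, deployment: Deployment,
           checks: Dict[str, Callable[[Deployment], bool]]) -> List[Tuple[Scenario, str]]:
    """Run the mitigation checks against a build, in risk order.

    A scenario is blocked as soon as any one of its steps is mitigated, since
    the attacker needs every step.  "untested" means no check covers any step:
    the scenario needs a test written or its risk formally accepted.
    """
    report = []
    for s in ranked(node, impact):
        results = [checks[step](deployment) for step in s.steps if step in checks]
        if not results:
            status = "untested"
        elif any(results):
            status = "mitigated"
        else:
            status = "check failed"
        report.append((s, status))
    return report


if __name__ == "__main__":
    for s, status in verify(STEAL_RECORDS, GOAL_IMPACT, BUILD_SNAPSHOT, CHECKS):
        print(f"risk={s.risk:.2f} {status:13} {' -> '.join(s.steps)}")
```

Running the module prints the three scenarios in risk order: the IDOR path is mitigated, the XSS-plus-replay path has no test at all, and the sniffed-cookie path fails its check because the Secure flag is missing. When the tree changes, as the transcript warns it will, the ranked list and the "untested" entries change with it, which is exactly the signal to write or retire tests.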
Author: Frank P Moley III
- Understanding attackers and risks
- Documenting your risks
- Issues related to web client–server interactions
- Issues related to thick app and client–server interactions
- Authorization and cryptography issues
- Implementing security in each phase of the software development life cycle
Skill Level: Beginner
What you need to know (1m 35s)
1. Security and Risk Overview
2. Web Client Server Interaction Code Issues
3. Thick App and Client-Server Interaction Issues
4. Crypto and Security Misuse Issues
5. Security in the SDLC
Next steps (2m 10s)