Testing
The following should be considered in the Testing phase:
- Test planning [Mandatory] - Planning for testing should also consider security testing. This includes defining roles and responsibilities for security testing
- Test scenarios and test case design [Mandatory] - When designing test scenarios and test cases, security test cases should also be included
- Application security testing [Mandatory] - Application security testing should be performed to check that the security requirements and controls have been addressed in the software. It also includes checking the system configuration against security specifications and baseline standards
- Regression testing [Mandatory] - Testing should also include security retesting to check that no new vulnerabilities have been introduced when changes are made to the software
- Vulnerability assessment [Mandatory] - Vulnerability assessment or scanning should be performed on the system to check for and address any vulnerabilities that were not identified or adequately addressed during the previous phases
- Penetration testing [Mandatory] - Penetration testing imitates the tactics and behaviors of attackers to assess the security posture of an organization's network, computer system, or web application. Penetration testing can be performed either manually or with the assistance of automated software tools. It is recommended that penetration testing be performed by independent third-party assessors (external to the project implementation team)
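As an added example that is not part of the original guidance, the following Python script shows one way the configuration check named under Application security testing and the security retesting named under Regression testing can be automated: a baseline of required settings is compared against a deployment's configuration, and the same check is rerun against a later release so that only newly introduced deviations are flagged. The configuration keys, the baseline values and both sample configurations are constructed for illustration and do not come from any real product or standard.

```python
"""Security baseline check that doubles as a security regression test.

Added example; not part of the original document. The configuration keys,
baseline rules and sample configurations are all constructed (assumed).
"""
from dataclasses import dataclass
from typing import Any, Callable, Dict, List


@dataclass(frozen=True)
class Rule:
    key: str                      # dotted path into the configuration tree
    check: Callable[[Any], bool]  # returns True when the value meets the baseline
    expected: str                 # human-readable statement of the requirement


# Constructed baseline. In practice the rules would be derived from the
# organisation's security specification and hardening standard.
BASELINE: List[Rule] = [
    Rule("tls.min_version", lambda v: v in ("1.2", "1.3"), "TLS 1.2 or higher"),
    Rule("session.cookie_secure", lambda v: v is True, "Secure flag on session cookie"),
    Rule("session.cookie_httponly", lambda v: v is True, "HttpOnly flag on session cookie"),
    Rule("session.timeout_minutes", lambda v: isinstance(v, int) and 0 < v <= 30,
         "session timeout of at most 30 minutes"),
    Rule("app.debug", lambda v: v is False, "debug mode disabled"),
    Rule("auth.password_min_length", lambda v: isinstance(v, int) and v >= 12,
         "minimum password length of 12"),
]


def lookup(config: Dict[str, Any], dotted: str) -> Any:
    """Resolve a dotted key; a missing key yields None so it is reported, not skipped."""
    node: Any = config
    for part in dotted.split("."):
        if not isinstance(node, dict) or part not in node:
            return None
        node = node[part]
    return node


def check_against_baseline(config: Dict[str, Any], baseline: List[Rule] = BASELINE) -> List[str]:
    """Return one finding per rule the configuration fails (empty list = compliant)."""
    findings = []
    for rule in baseline:
        value = lookup(config, rule.key)
        if value is None:
            findings.append(f"{rule.key}: not set (required: {rule.expected})")
        elif not rule.check(value):
            findings.append(f"{rule.key}: {value!r} violates baseline (required: {rule.expected})")
    return findings


def regression_findings(previous: Dict[str, Any], current: Dict[str, Any]) -> List[str]:
    """Findings present in the current release that the previous release did not have."""
    known = set(check_against_baseline(previous))
    return [f for f in check_against_baseline(current) if f not in known]


# Constructed sample configurations: release N passed the baseline; release N+1
# re-enabled debug mode and dropped the Secure flag setting from the session block.
RELEASE_N: Dict[str, Any] = {
    "tls": {"min_version": "1.2"},
    "session": {"cookie_secure": True, "cookie_httponly": True, "timeout_minutes": 30},
    "app": {"debug": False},
    "auth": {"password_min_length": 12},
}

RELEASE_N_PLUS_1: Dict[str, Any] = {
    "tls": {"min_version": "1.2"},
    "session": {"cookie_httponly": True, "timeout_minutes": 30},
    "app": {"debug": True},
    "auth": {"password_min_length": 12},
}


if __name__ == "__main__":
    print("Release N findings:", check_against_baseline(RELEASE_N))
    for finding in regression_findings(RELEASE_N, RELEASE_N_PLUS_1):
        print("REGRESSION:", finding)
```

Run as a step in the regression test suite, a non-empty result from `regression_findings` fails the build, which ties the "no new vulnerabilities introduced" requirement to a concrete, repeatable check rather than a manual review. Missing keys are deliberately reported as findings, since a silently absent setting usually falls back to an insecure default.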