Posts

Showing posts from April, 2017

Application security testing strategy(generic)

1 Introduction

1.1 Purpose: This document provides generic testing guidelines for application security testing. It describes the common vulnerabilities in a system and how to find them in the early phases of the SDLC. It also discusses the security overheads and the effect on system performance that result from them. Even if your application is not susceptible to security threats, it is better to know this and act on it. It is beyond the scope of this document to go in depth into each vulnerability and the process to test for it.

1.2 Application Security Testing: Application security testing is defined as the process of identifying the various vulnerabilities in a system that are exposed because of improper design or coding issues. Application-level threats cannot be avoided by network firewalls, since the data comes in HTTP requests which these firewalls let pass. So it becomes even more important to handle security at the application level than at the network le...

How to develop a security test strategy

What do you need to write a security test plan? The following documents comprise the list of what I would expect as inputs to the creation of the individual security test plans. This is a good point to go and review your overall security delivery plan. Does it include these documents as deliverables? Does the supplier have any of these as standard off-the-shelf products?

- System security requirements
- System threat model
- System risk model
- Secure coding standards
- Technical threat modelling
- Infrastructure secure configuration guides
- Security defect metrics

What is in a security test plan? The security test strategy should, as a minimum, specify the following points as the core content for each of the security test plans:

- What are the inputs to the test plan?
- When in the process does this test occur?
- Who specifies the test plan contents?
- Who performs the test?
- How many instances of the test are expected?
- What are the required outputs of the test?
- What are the success...