Urgent requests, imminent deadlines or just plain old excitement -- there are a lot of reasons why applications and services get rushed into deployment before they're thoroughly vetted for vulnerabilities. But it’s up to infosec pros to pump the brakes and make sure anything entering the IT environment has undergone proper security assessment and testing, because all it takes is one line of bad code to create an exploit.
In this Security School, based on (ISC)² CISSP training material on Domain 6 of the exam -- Security Assessment and Testing -- learn about techniques and tools used to identify and resolve possible attack surfaces, as well as the importance of testing software for vulnerabilities early and often. In his video, expert Adam Gordon explains how infosec pros can partners with software teams to ensure security assessment and testing is performed before, during and after application development. In addition, Gordon provides a comprehensive overview of different types of security testing techniques in his tip.
Once you've reviewed the parts of this Security School on security assessment and testing, take the quiz to see how much you have learned about vulnerability assessment, threat modeling, code review and more.
View our Security School Course Catalog to view more schools.
CISSP® is a registered mark of (ISC)².
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
Prepare for Domain 6: Security assessment and testing
Going back to the old adage of "better safe than sorry," performing a security assessment and testing on enterprise applications and services is one of those tasks you want to ensure is a regular part of your IT organization's workflow. Otherwise, overlooking this step can have drastic consequences.
Software bugs are more than a nuisance. Errors can expose vulnerabilities. Here’s the good news: These security testing tools and techniques can help you avoid them. Continue Reading
Security and function don’t have to compete. By working together, information security pros and systems administrators can build better, more secure software. Continue Reading