What is security testing? Which phases require security testing?

Security testing is the process of inspecting products throughout the life cycle of IT software products, especially from the basic completion of product development to the release stage, to verify that the products meet the defined security requirements and product quality standards. It can be said that security testing runs through the entire software life cycle. The figure below describes the security testing performed at each stage of the software life cycle.

The risk analysis, static analysis, and penetration testing in the figure above all belong to the category of security testing. Compared with the ordinary testing described above, security testing needs to change the perspective and change the simulated object in the test. The following compares conventional testing and security testing along four dimensions.

(1) Different test objectives

Ordinary testing is aimed at discovering bugs; security testing is aimed at discovering security risks.

(2) Different assumptions

Ordinary tests assume that the data that causes problems results from the user's carelessness, and the interface considered is generally only the user interface; security tests assume that the data that causes problems is deliberately constructed by the attacker, and all possible attack paths need to be considered.

(3) Different domains of thinking

Ordinary testing takes the functions of the system as its domain of thinking; the domain of thinking of security testing includes not only the functions of the system but also the mechanism of the system, the external environment, and the security risks and security attributes of the application and the data itself.

(4) Different problem discovery modes

Ordinary tests are judged on violations of function definitions; security tests are judged on violations of authority and capability constraints.
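The four differences above, as an added example (not code from the original post): one hypothetical document-read function is checked first by an ordinary functional test and then by a security test, so the shift in assumptions (careless input versus constructed input) and in discovery mode (a violated function definition versus a violated authority constraint) shows up directly in what each test asserts. The user model, document store and probe inputs are all constructed for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class User:
    name: str
    role: str  # "admin" or "member" (constructed roles)

# Constructed record store: document id -> (owner, contents)
DOCUMENTS = {
    "doc-1": ("alice", "alice's notes"),
    "doc-2": ("bob", "bob's notes"),
}

def read_document(user: User, doc_id: str) -> str:
    """Functional contract: a well-formed, existing id is returned, a malformed
    id raises ValueError, an unknown id raises KeyError. Authority constraint:
    a member reads only documents they own; an admin reads any document."""
    if not isinstance(doc_id, str) or not doc_id.startswith("doc-"):
        raise ValueError("malformed document id")
    owner, contents = DOCUMENTS[doc_id]
    if user.role != "admin" and owner != user.name:
        raise PermissionError(f"{user.name} may not read {doc_id}")
    return contents

def functional_test() -> bool:
    """Ordinary test: careless user input, judged against the function definition."""
    alice = User("alice", "member")
    if read_document(alice, "doc-1") != "alice's notes":
        return False
    try:  # a mistyped id must produce the defined error, not a crash
        read_document(alice, "doc-9")
    except KeyError:
        return True
    return False

def security_test() -> list:
    """Security test: constructed attacker input, judged against authority limits.
    Returns the probes that violated the constraint (empty list means no finding)."""
    mallory = User("mallory", "member")
    probes = ["doc-2", "doc-2\x00", "../doc-2", "DOC-2", "doc-1"]  # constructed
    findings = []
    for probe in probes:
        try:
            read_document(mallory, probe)  # any success here is a finding
            findings.append(probe)
        except (PermissionError, ValueError, KeyError):
            pass
    return findings
```

Note that the functional test passes as soon as the defined errors appear, while the security test only passes when no probe ever crosses the ownership boundary; an implementation that returned contents for a non-owner would be a bug-free function by the first standard and a finding by the second.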


Origin blog.csdn.net/2301_76161259/article/details/130218328