The 5 Layers of Security Testing

“Information Security: Everyone’s job every day.” Security is too important to ignore, so we will briefly look at the ways that we need to collaborate with our Security professionals to ensure that security is addressed well in our project’s testing and verifications.

  1. Test Security Features. We will start by looking at some of the security mechanisms that are designed into the code (e.g. encryption) and the ways we can collaborate to design good unit and component tests. Then we will turn our attention to the various types of Security features so we can ensure that our functional testing of those features is adequate.
  2. Perform Negative Testing. Not just for quality purposes, negative testing is also an important part of our security testing. In this context, we will look at both white-box and black-box Fuzz Testing.
  3. Test Misuse and Abuse Cases. To our consideration of User Stories, we should add Abuse Stories and Misuse Stories – How might people abuse or misuse the system and how should it respond?
  4. Test for Common Bugs that Open Vulnerabilities. The mistakes that developers make that have the side-effect of opening security vulnerabilities are widely published and well known. (Think buffer overflow.) We will look at some of the best sources of this information and discuss how we can collaborate to find those mistakes early.
  5. Ensure Readiness for Release. We will look at the final verifications and testing that can confirm that the system is secure enough to release, including Penetration Testing.
Alan Koch

Alan S. Koch is a consultant, speaker and writer on effective Project Management, software development, IT operations, and public speaking methods. His more than 40 years in Information Technology have ...