Editor's note
Urgent requests, imminent deadlines or just plain old excitement -- there are a lot of reasons why applications and services get rushed into deployment before they're thoroughly vetted for vulnerabilities. But it’s up to infosec pros to pump the brakes and make sure anything entering the IT environment has undergone proper security assessment and testing, because all it takes is one line of bad code to create an exploit.
In this Security School, based on (ISC)² CISSP training material on Domain 6 of the exam -- Security Assessment and Testing -- learn about techniques and tools used to identify and resolve possible attack surfaces, as well as the importance of testing software for vulnerabilities early and often. In his video, expert Adam Gordon explains how infosec pros can partners with software teams to ensure security assessment and testing is performed before, during and after application development. In addition, Gordon provides a comprehensive overview of different types of security testing techniques in his tip.
Once you've reviewed the parts of this Security School on security assessment and testing, take the quiz to see how much you have learned about vulnerability assessment, threat modeling, code review and more.
View our Security School Course Catalog to view more schools.
CISSP® is a registered mark of (ISC)².
1Prepare for Domain 6: Security assessment and testing
Going back to the old adage of "better safe than sorry," performing a security assessment and testing on enterprise applications and services is one of those tasks you want to ensure is a regular part of your IT organization's workflow. Otherwise, overlooking this step can have drastic consequences.
-
Article
Learn about common security testing tools and methods
Software bugs are more than a nuisance. Errors can expose vulnerabilities. Here’s the good news: These security testing tools and techniques can help you avoid them. Read Now
-
Article
CISSP Domain 6 quiz: Vulnerabilities in software
Domain 6 of the CISSP exam tests how well you understand the security assessment and testing strategies needed to recognize, prevent and remedy vulnerabilities in software. Read Now