6 Testing

Question 1

securiy assessment

Answer 1

security assessment is an overall approach to assess the effectiveness of access control

DOMAINS:
pentest
vulnerybility test
audits
policies, procedures
change management
usw

Question 2

software testing

Answer 2

static: analyse code without executing it, code review, passive testing, static analysis tools
dynamic: analyse in runtime environment while executing it

Question 3

fuzz testing

Answer 3

provide many different types of input (random, malformed data) to see if a program crashes

black box, typically automated

Question 4

misuse case testing

Answer 4

detects, how a security impact can be realized by abusing the application

misuse UML-cases

Question 5

bottom up method:

Answer 5

errors in critical modules are detected earlier

Question 6

combinatorial software testing

Answer 6

black box method that test all possible unique combinations of input. all-pairs testing

Question 7

audits

Answer 7

test against a standard (zB PCI-DSS) by external auditors

Question 8

traceability matrix

Answer 8

RTM (Requirements Traceability Matrix)
maps customers requirements to the software testing plan and their results

use cases tets cases

Question 9

Testing levels

Answer 9

unit testing: low level test of components

installation testing: when installed and first operated

integration testing: testing multiple components as they are combined into a single system

regression testing: after updates, modifications

acceptance testing: test if software meets operational requirements