Abstract

This entry surveys methodological approaches and tools used to effectively conduct security testing. It describes what role different personnel take on in the security testing process and how these roles use security testing techniques as part of the various levels of quality assurance, or QA (such as user acceptance, system test, integration test). Because uncovering a system's vulnerability requires expertise, this entry explores manual techniques. It also discusses the role of automation in providing consistency and scale to testing practice. The entry combines classic QA practice with modern security experience, taking both a black-box and white-box approach to assuring a system resists attack.