Our notable partnerships give us access to the best resources and tools for the job.
Get software testing training resources:
Security is all the attributes and emergent properties of software products that bear on their ability to prevent unauthorized access, whether accidental or deliberate, to programs and data.
If you are a software developer, software development manager, or software quality assurance staff member, you probably know that developing secure software is no longer simply desirable—it’s completely essential.
If you are a software tester, programmer, or manager, you probably know that developing secure software is no longer simply desirable—it’s completely essential.
Some might assume that most security problems arise from the operating system or networking layers, well below the application code they are working on. However, figures for Web-based applications show that over three-quarters of security exploits arose from applications.
So, you know you need secure code, but how to get there? What are your security risks? What security failures and bugs do you have? What do these security risks, failures, and bugs mean? How can you reduce security risk in a way that doesn’t create new problems? How do you monitor your progress over time? This article will outline seven steps that will allow you to answer these and other questions as you improve your software’s security.
This is an excerpt from my book, Expert Test Manager, written with James Rommens and Leo van der Aalst. I hope it helps you think more clearly about the test strategies you use.
A test policy contains the mission and objectives of testing along with metrics and goals associated with the effectiveness, efficiency, and satisfaction with which we achieve those objectives. In short, the policy defines why we test. While it might also include some high-level description of the fundamental test process, in general the test policy does not talk about how we test.
The document that describes how we test is the test strategy. In the test strategy, the test group explains how the test policy will be implemented. This document should be a general description that spans multiple projects. While the test strategy can describe how testing is done for all projects, organizations might choose to have separate documents for various types of projects. For example, an organization might have a sequential lifecycle test strategy, an Agile test strategy, and a maintenance test strategy.
Webinar: The Scourge of the Under-tested Automatic Software Update
Length: 1h 30m 0s
Let’s suppose you bought a car. Six days later, someone from the dealership let himself into your garage, removed the tires on the car, installed some “updated” tires that actually had holes in them, and then left. In the morning, your car was there in the garage, all sad and undriveable on its flat, flabby tires. That’s clearly unacceptable, in fact even criminal, but we allow the same thing to happen all the time with software. Why? In this webinar, Rex will catalog infamous automated software updates, released without sufficient testing to wreak havoc, or at least inconvenience. He’ll then give a detailed roadmap for reducing your chances of being part of the problem.
One Key Idea: ISTQB Advanced Security Tester
Length: 0h 20m 0s
Defects and errors prevent applications and systems from delivering the value their designers and customers intended. Moreover, defects and errors present opportunities for malicious actors to undermine the integrity, availability and confidentiality of essential business data and computational assets. Many large cyber incidents (e.g., Target, Yahoo! and Equifax) have reduced the tolerance of regulators, shareholders, customers and the public for poor cyber security practices. The greatest threat is directed towards the greatest value, albeit the path of attack may be roundabout. Security testing is an essential phase in the application and systems development and operations lifecycle. Join us to learn about this valuable professional development step that will bolster your career, and assist your employer’s efforts to take substantive steps to ensure their business goals are reached and risks managed.
ISTQB Virtual Advanced Security Tester Boot Camp
The Advanced Security Tester Boot Camp course, created by Rex Black, past President of the International Software Testing Qualifications Board (ISTQB), past President of the American Software Testing Qualifications Board (ASTQB) and co-author of a number of International Software Testing Qualifications Board syllabi, is ideal for testers and test teams preparing for certification in a short timeframe with time and money constraints.
ISTQB Virtual Advanced Security Tester Training
This hands-on course provides test engineers with the ability to define and carry out the tasks required to put the strategy into action and is ideal for testers and test teams preparing for certification. In preparation for the exam, participants will learn key concepts related to security threats, risks, policies and procedures, and how to address those through testing processes integrated into the software lifecycle.
ISTQB Advanced Security Tester Training
The Advanced Security Tester course, created by Rex Black, past President of the International Software Testing Qualifications Board (ISTQB), past President of the American Software Testing Qualifications Board (ASTQB) and co-author of the International Software Testing Qualifications Board Advanced Syllabus, provides test engineers with advanced skills in security test analysis, design, and execution through direct instruction and group exercises.
This hands-on course provides test engineers with the ability to define and carry out the tasks required to put the strategy into action and is ideal for testers and test teams preparing for certification. In preparation for the exam, participants will learn key concepts related to security threats, risks, policies and procedures, and how to address those through testing processes integrated into the software lifecycle.