This document is part of the US-CERT website archive. These documents are no longer updated and may contain outdated information. Links may also no longer function. Please contact if you have any questions about the US-CERT website archive.

Security Testing

This page describes some of the issues involved in testing the various interfaces through which software communicates with its environment. These include:

  • Identification of architectural, design, and implementation risks
  • Risk-driven test creation
  • Dependency attacks
  • User interface attacks
  • File system attacks
  • Design attacks
  • Implementation attacks
  • Penetration testing
  • Static vulnerability scanning
  • Test coverage
  • Test depth analysis

The primary objective is to improve the understanding of some of the processes of security testing, such as test vector generation, test code generation, results analysis, and reporting. This will help testers to improve the generation of test vectors and increase confidence in the tests of security function behaviors.