Selecting Security Testing Tactics

Remember, that each line of code needs to be defended at any time. In the military sphere such tactics is called the dilemma of the defender, which means that everything should be safe all the time.

As soon as the defender gets more and more desirable, he also gets more attackers, and gathers more data that is necessary to be under protect. By its nature, the attackers have some advantages with help of which it is easy for them to identify poorly protected parts, and to capture the entire application. There is no certainty that those functions that you think are least susceptible to attacks, in fact, the least attacked. Small applications are also targets for security scrapping.

To be fully secure, your application must be perfect. This is unrealistic, because the application will have errors in any case, but your goal is to provide maximum protection for your application in order to reduce the chances to become an easy target.

There are two general approaches concerning who performs security testing or any other kind of testing:

• The presence of the employee or group of employees who specialize in software testing for these types of problems
• Have a test for every customer feature to test it for these kinds of problems

Depending on the level of training of software testers, the complexity of the developed product and many other factors, one of these methods would be more appropriate for your company than another. But keep in mind that the approach to software and application security can be changed.

Related Posts:

• Rules for Effective Software Development and Testing
• Distinctive Features of Game Testing Process
• Security Testing Using Vulnerability Scanners
• Advantages of Automated Testing
• Security Audit as a Part of Security Testing