A very effective way of security testing is an audit of the software during its development. This means the auditing plan, auditing just developed components and their characteristics, as well as auditing of an integrated application, information security audit.
This method allows preventing problems before they occur, and also allows checking the application at each stage of engineering. This method also dives an opportunity to save money, as most of the bugs are prevented during the development, and those that were skipped are found immediately after their creation.
Another advice for security testing is to classify the problems in the logical groups, and then evaluate the software on the occurrence of each group of errors.
There are many other ways for evaluating security issues. For example, you can estimate the attacks at other users compared with the attacks on the hosting servers. This is very helpful for writing test cases, when you need to define the expected results for different actions. This helps not only to build a security framework but also to keep your customers safe.