Chapter 7

Domain 6: Security Assessment and Testing (Designing, Performing, and Analyzing Security Testing)


Domain 6 discusses security assessment and testing, which are critical components of any information security program. Organizations must accurately assess their real-world security, focus on the most critical components, and make necessary changes to improve. This domain describes two major components of assessment and testing: overall security assessments (including vulnerability scanning, penetration testing, security assessments, and security audits), and testing software via static and dynamic methods. Static testing tests the code passively: the code is not running. This includes walkthroughs, syntax checking, and code reviews. ...

Get CISSP Study Guide, 3rd Edition now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.