Abstract

Domain 6 discusses security assessment and testing, which are critical components of any information security program. Organizations must accurately assess their real-world security, focus on the most critical components, and make necessary changes to improve. This domain describes two major components of assessment and testing: overall security assessments (including vulnerability scanning, penetration testing, security assessments, and security audits) and testing software via static and dynamic methods. Static testing tests the code passively: the code is not running. This includes walkthroughs, syntax checking, and code reviews. Dynamic methods include fuzzing, a type of black ...