9.4 Security testing

The goals of program testing are to find bugs and to provide convincing evidence that the program being tested does what it is supposed to do. Security testing has comparable goals. It aims to find vulnerabilities that an attacker may exploit and to provide convincing evidence that the system is sufficiently secure. The tests should demonstrate that the system can resist attacks on its availability, attacks that try to inject malware, and attacks that try to corrupt or steal users’ data and identity.

Discovering vulnerabilities is much harder than finding bugs. Functional tests to discover bugs are driven by an understanding of what the software should do. Your tests only have to show that your software is operating as expected. ...
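The contrast drawn above, as an added example that is not from the book: a small in-memory record-lookup service with a deliberately vulnerable lookup (SQL built by string formatting) beside a hardened one (parameterised query). The functional test passes against both versions, because both "operate as expected" for well-formed input; only the security tests, which try to make the service do what it should not do, separate them. The three security tests map onto the attack classes named in the section: data theft by SQL injection (standing in for "inject" attacks here), data theft by reading another user's record, and an availability attack with oversized input. The table, the user rows and the `MAX_NAME_LEN` limit are constructed for the example.

```python
"""Functional test vs. security tests for a constructed record-lookup service (example code)."""
import sqlite3

MAX_NAME_LEN = 64  # assumed input limit: oversized names are rejected before reaching the database


class UserStore:
    """In-memory store with constructed sample rows (not data from the original page)."""

    def __init__(self):
        self.db = sqlite3.connect(":memory:")
        self.db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, email TEXT)")
        self.db.executemany("INSERT INTO users VALUES (?, ?)",
                            [("alice", "alice@example.com"), ("bob", "bob@example.com")])

    def _check(self, name, requester):
        # Availability: bound the work an attacker can force per request.
        if not isinstance(name, str) or len(name) > MAX_NAME_LEN:
            raise ValueError("name rejected")
        # Authorisation: a caller may only read its own record.
        if requester != name:
            raise PermissionError("callers may only read their own record")

    def lookup_unsafe(self, name, requester):
        """Vulnerable variant: the name is spliced into the SQL text."""
        self._check(name, requester)
        row = self.db.execute(f"SELECT email FROM users WHERE name = '{name}'").fetchone()
        return row[0] if row else None

    def lookup_safe(self, name, requester):
        """Hardened variant: the name is bound as a parameter, so it is data, not SQL."""
        self._check(name, requester)
        row = self.db.execute("SELECT email FROM users WHERE name = ?", (name,)).fetchone()
        return row[0] if row else None


def functional_test(lookup):
    """The usual kind of test: does the service return the right answer for valid input?"""
    return lookup("alice", "alice") == "alice@example.com" and lookup("carol", "carol") is None


def security_tests(lookup):
    """Tests that attack the service; each entry is True when the attack is resisted."""
    results = {}

    # Data theft via injection: a payload that is not a user name must return no record.
    payload = "' OR '1'='1"
    try:
        results["injection"] = lookup(payload, payload) is None
    except sqlite3.Error:
        results["injection"] = False  # a SQL error shows the input reached the SQL parser

    # Data theft via missing authorisation: bob must not read alice's record.
    try:
        lookup("alice", "bob")
        results["authz"] = False
    except PermissionError:
        results["authz"] = True

    # Availability: an oversized name must be rejected, not processed.
    big = "x" * 100_000
    try:
        lookup(big, big)
        results["oversize"] = False
    except ValueError:
        results["oversize"] = True

    return results


if __name__ == "__main__":
    store = UserStore()
    for variant in (store.lookup_unsafe, store.lookup_safe):
        print(variant.__name__, "functional:", functional_test(variant),
              "security:", security_tests(variant))
```

Against `lookup_unsafe` the injection payload passes the authorisation check (requester and name are the same string) and the formatted query becomes `WHERE name = '' OR '1'='1'`, which returns the first row in the table: a record the caller was never entitled to. The functional test cannot see this because it never asks the question; that is the sense in which finding vulnerabilities needs tests driven by what an attacker might try rather than by what the software is supposed to do.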
