Chapter 10

Security testing

Vulnerability assessments and penetration testing

Abstract

This chapter introduces the security testing assessment method and the differentiation between automated and manual techniques. The remainder of the chapter reviews two types of security testing, vulnerability scanning and penetration testing, including the rules of engagement for documenting the purpose of the security test, and the detailed guidelines and constraints regarding the execution of security testing. Finally, the FedRAMP security testing requirements are discussed, with a focus on vulnerability and penetration testing activities.

Keywords

Security testing; penetration test; rules of engagement; ROE; vulnerability scanning; vulnerability ...
