The key difference between hacking and security testing is that security testing requires a comprehensive security quality assurance of the whole application, while hacking is looking for specific security issues or vulnerabilities. Creating a security-testing template will help the project team to plan security testing and maintain the quality of security testing. The following are the well-known industry best practices to build a security testing plan:

• OWASP Testing Guide: The OWASP testing guide provides the what, why, when, where, and how of the web applications security testing.
• PCI Penetration Testing Guidance: Instead of listing detailed testing cases and tools, the PCI penetration testing guide includes ...