Security Testing Practice Exam
About Security Testing
Security testing is an integral part of software testing. It is used to discover weaknesses, risks, and threats in a software application, helps stop attacks from outsiders, and ensures the security of the application.
The primary objective of security testing is to find all the potential ambiguities and vulnerabilities of the application so that the software does not stop working. Performing security testing helps identify all the possible security threats and helps the programmer fix those errors.
It is a testing procedure used to establish that the data will be safe and that the software will continue to work.
Why is Security Testing important?
A comprehensive security testing framework deals with validation across all layers of an application. Starting with analysis and evaluation of the security of the application's infrastructure, it moves on to cover the network, database and application exposure layers. While application and mobile testing serve to evaluate security at these levels, cloud penetration testing exposes the security chinks in the armour when the application is hosted in the cloud. These testing concepts combine automated scanner tools that evaluate lines of code for security anomalies with penetration testing that simulates attacks through unintended access channels.
Vulnerability assessment forms an important component of security testing. Through this, the organization can evaluate its application code for vulnerabilities and take remedial measures. Recently, many software development organizations have been using secure software development life cycle methodologies to identify and rectify vulnerable areas early in the application development process.
The main goal of security testing is to identify the threats in the system and measure its potential vulnerabilities, so that the threats can be countered and the system does not stop functioning and cannot be exploited. It also helps detect all possible security risks in the system and helps developers fix the problems through coding.
Who should take the Security Testing Exam?
• Software Security professionals
• Software testing or QA professionals
• Anyone who wants to assess their software testing skills
• Software testing or QA managers and senior executives
• Professionals working in outsourced companies responsible for software testing or QA
• Software testing or QA consultants
• Students
Knowledge and Skills required for the Security Testing
Candidates succeed quickly in security testing if they have critical thinking skills and the communication skills to convey results to all stakeholders.
Security Testing Practice Exam Objective
The Security Testing exam focuses on assessing your skills and knowledge in the concepts and application of information security and its testing.
Security Testing Practice Exam Pre-requisite
There are no prerequisites for the Security Testing exam.
Security Testing Certification Course Outline
1. Software Testing Basics
1.1 Scope
1.2 Functional vs. Non-Functional testing
1.3 Defects and failures
1.4 Finding faults early
1.5 Compatibility
1.6 Input combinations and preconditions
1.7 Static vs. dynamic testing
1.8 Software verification and validation
1.9 The software testing team
1.10 Software quality assurance (SQA)
1.11 Testing Methods - The box approach
2. The Testing Process
2.1 Traditional CMMI or waterfall development model
2.2 Capability Maturity Model Integration
2.3 Waterfall model
2.4 Agile or Extreme development model
3. Automated testing
3.1 Code-driven testing
3.2 Graphical User Interface (GUI) testing
3.3 What to test
3.4 Framework approach in automation
3.5 Defining boundaries between automation framework and a testing tool
3.6 Testing tools
3.7 Measurement in software testing
4. Testing Artifacts
4.1 Test plan
4.2 Traceability matrix
4.3 Test case
4.4 Test script
4.5 Test suite
4.6 Test data
4.7 Test harness
5. Security Testing
5.1 Introduction to Software Security
5.2 Standard Application Attack Vectors
5.3 Authentication and Authorization
5.4 Cryptography
5.5 Web application Security
5.6 Web application vulnerabilities
5.7 Common Weaknesses
5.8 Data Leakage Attacks
5.9 Incorrect Resource Transfer between Spheres
5.10 Injection Attacks
Exam Format and Information
Certification name - Security Testing Certification
Exam duration - 60 minutes
Exam type - Multiple Choice Questions
Eligibility / pre-requisite - None
Exam language - English
Exam format - Online
Passing score - 25
Exam Fees - INR 1199