What are some of the steps that helped you implement security testing effectively into your testing?
Short answer: involve early + treat as a parallel activity, outside of CI/CD and coding activities like test automation, performance testing etc.
--------------------------------------------------------------------------
That buzzword(s) of “shifting left” helps here... by involving testing as early as possible around the project definition stage & onboarding a test manager, the types of testing can be considered as early as possible (i.e. are we building a customer-facing website? then we ought to consider security testing, accessibility testing, performance testing, user experience testing etc. which might not all be needed if we were building an internal daily inspirational meme app).
Security testing is normally a very specialised field where a member or team are brought on board to the project to identify what to test (ports, attack surfaces etc.), how best to test (which tools etc.) and with the skillset to understand the test result reports & write the finding next step recommendations.