From the course: ISC2 Certified Secure Software Lifecycle Professional (CSSLP) (2023) Cert Prep

Unlock the full course today

Join today to access over 24,700 courses taught by industry experts.

Grouping your tests

Grouping your tests

From the course: ISC2 Certified Secure Software Lifecycle Professional (CSSLP) (2023) Cert Prep

Start my 1-month free trial Buy for my team

Grouping your tests

- [Instructor] As you plan to execute your security test, you can take advantage of efficiencies if you divide those tests into logical groups. You should consider grouping your test into two groups: functional and non-functional. As a quick reminder, functional test focus on the user experience. They validate that the app does what the user expects it to do. Non-functional tests are designed with an attacker in mind. They focus on what the app was not designed to do. When we first discussed functional tests, I emphasized that security tests don't often fall into this category. That said, functional tests that focus on business logic are the exception to that rule. Business logic and user experience go hand in hand, and an app that fails business logic test would not only make for a bad user experience, but it would also likely contain weaknesses that an attacker might be able to exploit. When we discussed ensuring a comprehensive approach to your testing, we discussed regression test…

Contents