IT question 2 be professional please

Computer Science

What is risk-based security testing?
May 7th, 2015

Risk-based security testing is a type of software testing that is performed on an organization's software. It is used to prioritize the tests of features and functions in a software package to ascertain its quality and also detect any weak points of failure.

Risk-based testing has a number of ranking tests that include boundary value analysis, all-pairs testing, and state transition tables that aim to find weak points within the software.

The testing comprises the following tests and also uses both manual and tool-based techniques.

·  Security test design: It identifies security misuse scenarios, determines test and threat levels, defines the possible attack paths, and also identifies threats with risks.

·  Security test case design: It identifies security test cases based on misuse cases, security requirements and organizational security policies.

·  Security test execution: It performs vulnerability scanning, performs manual test verification i.e. password keeper, executes test cases, and generates test and defect logs.

·  Reporting: It gathers the findings, assigns threat levels, risk ratings and exposure factors, and suggests possible solutions and a security improvement plan.


May 7th, 2015

explain it in your words please

May 7th, 2015

A risk-based security test is mainly performed on company and organization software, i.e. customer support software, email servers and so on. It is done routinely by certified professionals in order to detect any weakness within the software which would make it vulnerable to external attacks like hackers or competitors.

The following tests are performed within the risk-based security test:

· Security test design: It identifies security misuse scenarios, then determines the tests to perform and the threat levels, defines the possible attack paths within the software and identifies types of threats with risks.

· Security test case design: It identifies security test cases based on misuse cases and also determines the security requirements and organizational security policies.

· Security test execution: It performs vulnerability scanning of the software, performs manual test verification i.e. password keeper, executes test cases and generates test and defect logs.

· Reporting: It gathers the findings; it assigns threat levels, risk ratings and exposure factors; it suggests possible solutions and a security improvement plan.



May 7th, 2015
