
Where can I find software security test plan templates?

Before defining a security test plan, there are a few questions that need to be answered: What security features are you planning for, what vulnerabilities concern you most, and what kind of testing do you need to do to accomplish your goals?

Are there templates available for security test plans? Or how do I design a good test plan for security?

There is no one best approach for security test plans. It all depends on your specific application and your specific business needs. Do you need to perform simple penetration testing? Are you looking to perform a more in-depth security assessment of the application and its supporting systems? Maybe source code analysis is all you need? Perhaps you need some basic use cases to check for common security flaws?

The most important question you have to answer is: What are we trying to accomplish here? Do you need an all-out assessment so you can sleep at night knowing your customers have gotten the most secure application from your team? Or are you trying to meet some basic minimum security standards from a customer, business partner, or regulatory body such as those mandated by the PCI Standards Council?

The main areas to test center around user access, data input, and system configuration. Look at all of these areas from the perspectives of both untrusted outsiders (without authentication) and trusted insiders (with authentication). A combination of good vulnerability scanners, source code analyzers, and manual analysis across these main areas will serve to uncover the security flaws that matter in your environment - especially if you already have a documented set of requirements and standards upon which the application was built.

This was last published in July 2010
