Where can I find software security test plan templates?

Before defining a security test plan, there are a few questions that need to be answered: What are the security features you are planning for, what vulnerabilities concern you most, and what kind of testing do you need to do to accomplish your goals?

Are there templates available for security test plans? Or how do I design a good test plan for security?
There is no one best approach for security test plans. It all depends on your specific application and your specific business needs. Do you need to perform simple penetration testing? Are you looking to perform a more in-depth security assessment of the application and its supporting systems? Maybe source code analysis is all you need? Perhaps you need some basic use cases to check for common security flaws?

The most important question you have to answer is: What are we trying to accomplish here? Do you need an all-out assessment so you can sleep at night knowing your customers have gotten the most secure application from your team? Or are you trying to meet some basic minimum security standards from a customer, business partner, or regulatory body such as those mandated by the PCI Standards Council?

The main areas to test center around user access, data input, and system configuration. Look at all of these areas from the perspectives of both untrusted outsiders (without authentication) and trusted insiders (with authentication). A combination of good vulnerability scanners, source code analyzers, and manual analysis across these main areas will serve to uncover the security flaws that matter in your environment - especially if you already have a documented set of requirements and standards upon which the application was built.
