This document is part of the US-CERT website archive. These documents are no longer updated and may contain outdated information. Links may also no longer function. Please contact firstname.lastname@example.org if you have any questions about the US-CERT website archive.
This document describes some of the issues involved in testing the various interfaces through which software communicates with its environment. These include:
- Identification of architectural, design, and implementation risks
- Risk-driven test creation
- Dependency attacks
- User interface attacks
- File system attacks
- Design attacks
- Implementation attacks
- Penetration testing
- Static vulnerability scanning
- Test coverage
- Test depth analysis
The primary objective is to improve the understanding of some of the processes of security testing, such as test vector generation, test code generation, results analysis, and reporting. This will help testers to improve the generation of test vectors and increase confidence in the tests of security function behaviors.