
Security test
Why
Understand the security risks of an IT system.
How
Find and prioritise vulnerabilities in systems or services and determine their impact on the confidentiality, integrity and availability of information. Impacts also include safety risks and privacy risks. Assess controls that mitigate risks. Several methods may further aid a security test: guideline conformity analysis, a configuration review, penetration testing or red team/ blue team plays.
Practice
Companies use security tests to uncover vulnerabilities in systems to prevent data leaks or system failures (and bad press). In some cases, security tests are required to prove compliance with certain standards or regulations.
Ingredients
- Test tooling.
- A hacker’s attitude.
- A focus on intentional threats and threat actors.
Phases
- Realisation
Trade-offs
Read more about the trade-offs: Inspiration or Data / Expertise or Fit / Overview or Certainty.