Summary
This chapter has covered foundational concepts in security assessment and testing strategies. Designing and validating security assessment and test strategies is an important part of the security profession. Conducting security tests provides information about vulnerabilities in systems and can also be used to test the effectiveness of security controls. The test method adopted has to suit the type of IT asset: vulnerability assessments and penetration tests are generally conducted on networks and servers, while software tests, including load tests and code reviews, are conducted on application programs.
The next chapter continues with topics in this domain pertaining to the collection and analysis of security test data, which include reporting internal and third-party auditing requirements.