The key difference between hacking and security testing is that security testing requires comprehensive security quality assurance of the whole application, while hacking looks for specific security issues or vulnerabilities. Creating a security-testing template helps the project team plan security testing and maintain its quality. The following are well-known industry best practices for building a security testing plan:
- OWASP Testing Guide: The OWASP Testing Guide provides the what, why, when, where, and how of web application security testing.
- PCI Penetration Testing Guidance: Instead of listing detailed test cases and tools, the PCI penetration testing guide covers four key areas of testing, such as Penetration Testing Components, Qualifications of a Penetration Tester, Penetration Testing Methodologies...