Abstract

Domain 6 discusses security assessment and testing, which are critical components of any information security program. Organizations must accurately assess their real-world security, focus on the most critical components, and make necessary changes to improve. This domain describes two major components of assessment and testing: overall security assessments (including vulnerability scanning, penetration testing, security assessments, and security audits), and testing software via static and dynamic methods. Static testing tests the code passively: the code is not running. This includes walkthroughs, syntax checking, and code reviews. Dynamic methods include fuzzing, a type of black box testing that submits random, malformed data as inputs into software programs to determine if they will crash.

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.