
Paco Hope

Paco Hope is a Principal Consultant with Cigital, Inc. and has 12 years of experience in security on mobile, embedded, and web platforms. He has led numerous engagements assessing source code and implementations of mobile phones, lottery systems, casino gaming devices, smart cards and web applications. He is the co-author of The Web Security Testing Cookbook and Mastering FreeBSD and OpenBSD Security. Mr. Hope also serves on the Application Security Advisory Board of (ISC)², acting as a subject matter expert for the Certified Information Systems Security Professional (CISSP) and the Certified Secure Software Lifecycle Professional (CSSLP).

 


Description

Risk-based security testing

Learning objectives

  • learn the role of security in the test strategy and test planning process
  • map tests to risks in a traceability matrix
  • identify security testing activities that fit into ordinary testing activities

Overview

Risk-based security testing is about ensuring that we have achieved our software's mission without introducing undue risks to the business. Whereas functional and non-functional testing focus on mapping tests to requirements, risk-based testing maps its activities to the risks we face if our software fails.

 


Contents of the secappdev.org website are licensed under a Creative Commons Attribution-NonCommercial 3.0 License.