Integration Between Security Checking Processes and Development Stages
It is of great importance to implement system security testing at the early stages of the product development. Thus, QA services price will be higher but checking itself will be also more efficient. Besides, in this case, the expenditures for the whole development process will be lower.
It is much easier to remove bugs of the product security system at a certain stage, for instance, security system errors, discovered at the requirement analysis stage, will not cause new problems at the following phases.
Certainly, the ready-made product also undergoes detailed and thorough checking. The specialists perform different security testing types - access control testing, penetration testing, and etc.
What security checking type is required for each development stage?
- At the requirement stage, the analysis of reliability and technical conditions security is executed.
- Designing stage presupposes security risk analysis, test plan development which will include security tests.
- Coding and unit testing are accompanied with static and dynamic checking and also security testing (white-box method).
- During integration testing, security checking processes with the black-box method are conducted.
- At the stage of system checking, black-box testing and scanning of the weak points of the system security are fulfilled.
- Penetration testing accompanies the implementation process.
The test plan should include the test cases and scenarios for security checking, necessary test data, required for checking tools, and also outcome analysis of the diverse test.