5 hours 54 minutes

Video Description

This lesson focuses on quality assurance, which is an important aspect of secure software testing. The goal of quality assurance is to determine:
• Reliability: does the software function as expected?
• Recoverability: can the software restore itself to a functioning state after downtime?
• Resiliency: can the software withstand attacks?
• Interoperability: can the software function in disparate environments?
• Privacy: are the various forms of PII, PHI, and PFI protected appropriately?

Video Transcription

Now, when we look at Part Five, we go into the areas of secure software testing. This really isn't a huge section, but there are some important elements. When we talk about secure software testing, we have to look at QA's involvement in the process and what they're hoping to accomplish.

Then we'll talk about some testing artifacts. When we talk about artifacts, these are all of the documents, processes, plans, and strategies that go into conducting the tests.

We'll talk about the different types of testing, and then we'll talk about assessing the impact and, in short, the corrective actions that need to be made.

So first off, we're gonna talk about quality assurance, and there are five elements that quality assurance is gonna test. First of all, they're gonna test the reliability of the system, and this really focuses in on the software's function. Does it function as expected? Does it meet the developer's description? Does it do what it's supposed to do? That's the reliability of a system.

The next element that QA looks at is recoverability. Can the software restore itself to a functioning state after downtime? So if there is an error or some sort of problem, can the system restore itself? And can it do so in such a manner that information isn't compromised and the security policy wouldn't be violated? When we think about this downtime, whether it's accidental or intentional doesn't matter. But can the software get back up? Can it run? Can it restore itself?

Resiliency. Resiliency is especially important from a security standpoint, because when we're talking about resiliency, we want to know if the software can withstand an attack. Is it going to be susceptible to code injection attacks? Are there buffer overflow potentials? So basically, when we talk about pen testing and we talk about security scanning and those sorts of things, that's testing the resiliency of a system.

Can the software operate in a disparate environment? We know that environments are very rarely homogeneous. They're very frequently heterogeneous, meaning we have all sorts of vendors, all sorts of components and elements, some that meet standards, some that don't, within our workforce environment. Can this software that we've developed work within the environment regardless of it being vendor neutral or not?

And then last, QA wants to detect and make sure that privacy is protected. And of course, when we talk about privacy, there are certain types of information that we've talked about throughout this whole class: personally identifiable information, personal health care information, personal financial information. We're making sure that any of these forms of data, any of these types of data, are protected appropriately according to whatever standards must be met.
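As an added example that is not part of this lesson or the course material: the resiliency element described above is easiest to see as an actual test pass. The Python script below (function names and sample data are my own constructions, not anything from the course) puts a deliberately injectable SQLite lookup beside a parameterized, length-bounded one and runs the same constructed injection payloads through both. Both versions pass the reliability check on ordinary input; only the hardened one passes the resiliency check, which is the distinction the instructor draws between "does it work" and "does it withstand attack".

```python
import sqlite3

# Constructed sample data for the demo (not from the lesson).
SAMPLE_USERS = [("alice", "alice@example.com"), ("bob", "bob@example.com")]

# Constructed attack inputs a QA resiliency pass would feed to the lookup.
INJECTION_PAYLOADS = [
    "' OR '1'='1",                          # classic tautology
    "x' UNION SELECT email FROM users --",  # union-based extraction
    "'; DROP TABLE users; --",              # stacked-statement attempt
    "A" * 10000,                            # oversized input
]


def make_db():
    """Fresh in-memory database loaded with the sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def lookup_unsafe(conn, name):
    """Vulnerable: the caller-supplied value is spliced into the SQL text."""
    sql = "SELECT email FROM users WHERE name = '%s'" % name
    return [row[0] for row in conn.execute(sql)]


def lookup_safe(conn, name, max_len=64):
    """Hardened: input length is bounded and the value is bound as a parameter,
    so it can never change the structure of the statement."""
    if len(name) > max_len:
        raise ValueError("name too long")
    rows = conn.execute("SELECT email FROM users WHERE name = ?", (name,))
    return [row[0] for row in rows]


def reliability_check(lookup):
    """Reliability: does the lookup do what it is supposed to on ordinary input?"""
    conn = make_db()
    return (lookup(conn, "alice") == ["alice@example.com"]
            and lookup(conn, "nobody") == [])


def resiliency_report(lookup):
    """Resiliency: map each payload to the number of rows it pulled out,
    'rejected' if the lookup refused the input, or 'error: ...' if the
    database driver stopped the statement."""
    report = {}
    for payload in INJECTION_PAYLOADS:
        conn = make_db()  # fresh table per payload so one result cannot mask another
        try:
            report[payload] = len(lookup(conn, payload))
        except ValueError:
            report[payload] = "rejected"
        except (sqlite3.Error, sqlite3.Warning) as exc:
            # sqlite3 refuses multi-statement strings; the exception class
            # differs across Python versions, so both are caught here.
            report[payload] = "error: %s" % exc
    return report


if __name__ == "__main__":
    for label, fn in (("unsafe", lookup_unsafe), ("safe", lookup_safe)):
        print(label, "reliable:", reliability_check(fn))
        for payload, result in resiliency_report(fn).items():
            print("  %-45r -> %s" % (payload[:40], result))
```

Run it and the unsafe lookup leaks every row to the tautology and UNION payloads while still passing the reliability check; the hardened lookup returns nothing for the same payloads and rejects the oversized input outright. That is the gap a functional test suite alone will not show, and why resiliency gets its own place on the QA list.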

Up Next

ISC2 Certified Secure Software Life-cycle Professional (CSSLP)

This course helps professionals in the industry build their credentials to advance within their organization, allowing them to learn valuable managerial skills as well as how to apply best practices to keep their organizations' systems running well.

Instructed By

Kelly Handerhan
Senior Instructor