You guessed it from the title, but security testing is really just another type of testing. Secure development is not rocket science, but a mindset that belongs within the scope of any development.
Security is essentially knowing your product, both how it’s designed to work (the happy path) and how it can be broken (the exception paths). If you build a skyscraper, you do not build it only for sunny weather but also for hurricanes. If you’re building software that you sell, the customer expects the software to enable their business, not to block it.
Security is finding bugs and being able to triage them well.
Security is also having a prestige-free, non-blaming working environment where the bugs that are found actually get fixed.