Official (ISC)² CSSLP - Domain 5: Secure Software Testing
Attack surface validation - ANSWER Identify whether the software contains
an exploitable vulnerability (attack surface).
Black box test - ANSWER Traditionally considered to be testing functional
requirements.
Functional testing - ANSWER Software testing is conducted primarily to attest
to the functionality of the software as expected by the business or customer.
Fuzz testing - ANSWER A software testing technique, usually automated or
semi-automated, that provides invalid, unexpected, or random data to the inputs
of a computer program.
Load testing - ANSWER Usually defined as the process of exercising the
system under test by feeding it the largest tasks it can operate with.
Penetration test (pen test) - ANSWER A validation and verification measure
that is an evaluation of a software or network's current state of security.
Pseudo Random Number Generator (PRNG) - ANSWER A deterministic
algorithm to generate a sequence of numbers with little or no discernible pattern
in the numbers, except for broad statistical properties.