This article needs additional citations for verification. Please help improve this article by adding citations to reliable sources. Unsourced material may be challenged and removed.Find sources: "Security testing" – news · newspapers · books · scholar · JSTOR (August 2019) (Learn how and when to remove this message)

Security testing is a process intended to detect flaws in the security mechanisms of an information system and as such help enable it to protect data and maintain functionality as intended.[1] Due to the logical limitations of security testing, passing the security testing process is not an indication that no flaws exist or that the system adequately satisfies the security requirements.

Typical security requirements may include specific elements of confidentiality, integrity, authentication, availability, authorization and non-repudiation.[2] Actual security requirements tested depend on the security requirements implemented by the system. Security testing as a term has a number of different meanings and can be completed in a number of different ways. As such, a Security Taxonomy helps us to understand these different approaches and meanings by providing a base level to work from.



Integrity of information refers to protecting information from being modified by unauthorized parties


This might involve confirming the identity of a person, tracing the origins of an artifact, ensuring that a product is what its packaging and labelling claims to be, or assuring that a computer program is a trusted one.





Common terms used for the delivery of security testing:


See also


  1. ^ M Martellini, & Malizia, A. (2017). Cyber and chemical, biological, radiological, nuclear, explosives challenges : threats and counter efforts. Springer.
  2. ^ "Introduction to Information Security" US-CERT
  3. ^ "Container Security Verification Standard". GitHub. 20 July 2022.
  4. ^ "Infrastructure as Code Security - OWASP Cheat Sheet Series".
  5. ^ "OWASP DevSecOps Guideline - v-0.2 | OWASP Foundation".
  6. ^ "Component Analysis | OWASP Foundation".