From the course: Building an Application Security Program
Verification testing
- [Instructor] Now we're going to talk about a different kind of testing called verification testing. Sometimes there are tests that fall in between SAST, IAST, and dynamic, so we end up having to find a way to test the outliers. Many times these are manual tests that are not covered by automation. Some tests are just hard to automate, so the tools won't cover them, and some testing just doesn't fit neatly into categories. It's not something that's easily tested by SAST or DAST, so we need to find a way to test these. Some examples are data flow, being able to track and make sure that the data entered by a user makes its way to the database properly, or authentication. It's notoriously difficult to automate authentication tests where, if you're logged in as a user, you're ensuring that there's no way to elevate your privileges to an administrator. So sometimes these tests have to be done manually. Also, business processes. We…
Contents
- Understanding AppSec testing (5m 46s)
- Threat modeling (5m 20s)
- Static application security testing (SAST) (3m 14s)
- Dynamic application security testing (DAST) (2m 55s)
- Interactive application security testing (IAST) (2m 29s)
- Static code analysis (SCA) (3m 6s)
- Verification testing (2m 10s)
- Pentesting (2m 50s)
- Red/Blue/Purple testing (3m 32s)
- Monitoring AppSec in production (3m 42s)
- RASP vs. WAF (6m 32s)