Podcast
Questions and Answers
What is a primary function of threat-model-driven testing?
What is a primary function of threat-model-driven testing?
- Improving UI design
- Ensuring security threats are mitigated correctly (correct)
- Managing team communication
- Validating user experience
Which type of testing is used to refer to key functional tasks performed by quality assurance?
Which type of testing is used to refer to key functional tasks performed by quality assurance?
- Penetration testing
- Security testing (correct)
- Test-driven development
- Integration testing
What does penetration testing typically supplement?
What does penetration testing typically supplement?
- Threat modeling (correct)
- Quality assurance
- Software development
- Project management
Which method of penetration testing involves testers being given access to code and designs?
Which method of penetration testing involves testers being given access to code and designs?
What is a key aspect of QA'ing threat modeling?
What is a key aspect of QA'ing threat modeling?
What should be done if a threat model leads to substantial redesign or architecture changes?
What should be done if a threat model leads to substantial redesign or architecture changes?
What should be developed for each identified threat in a threat model?
What should be developed for each identified threat in a threat model?
How should bugs related to threat mitigation be handled before closing the testing phase?
How should bugs related to threat mitigation be handled before closing the testing phase?
Which stage in the software development lifecycle involves testing and validation?
Which stage in the software development lifecycle involves testing and validation?
What type of penetration testing involves testing a system without any prior knowledge of the internal workings?
What type of penetration testing involves testing a system without any prior knowledge of the internal workings?
In threat modeling, what is an important element to verify related to the threat model?
In threat modeling, what is an important element to verify related to the threat model?
Why are bugs used to track test development?
Why are bugs used to track test development?
What is the role of QA in the context of threat modeling?
What is the role of QA in the context of threat modeling?
What type of testing attempts to bypass mitigation efforts?
What type of testing attempts to bypass mitigation efforts?
When integrating test processes, what should the creation of tests involve?
When integrating test processes, what should the creation of tests involve?
Study Notes
Threat Modeling and Testing
- Primary function of threat-model-driven testing is to ensure security threats are mitigated correctly
- Security testing refers to key functional tasks performed by quality assurance (QA)
Penetration Testing
- Penetration testing typically supplements threat modeling
- Types of penetration testing:
- Black box testing: provides only the software to testers without additional resources
- Glass box testing: involves testers being given access to code and designs
- Grey box testing: not mentioned as an answer, but implied as a type
- White box testing: not mentioned as an answer, but implied as a type
QA and Threat Modeling
- Key aspect of QA'ing threat modeling is ensuring model/reality conformance
- QA's role in threat modeling is to ensure all processes and tasks related to threats are completed
- For each identified threat in a threat model, at least two tests should be developed
Threat Model Changes and Handling Bugs
- If a threat model leads to substantial redesign or architecture changes, reassess and possibly revamp the threat model
- Bugs related to threat mitigation should be reviewed and ensured they are closed before closing the testing phase
Studying That Suits You
Use AI to generate personalized quizzes and flashcards to suit your learning preferences.
Description
Quiz about software development methodologies and security testing, including penetration testing and threat modeling.
