Describe how security testing differs from ordinary functionality testing. What are the criteria for passing a security test that differ from functional criteria?

What will be an ideal response?


Security testing must also test the "and nothing else" criteria (absence vs. presence)—security functionality must do exactly and only what is specified in the requirements. The "and nothing else" criteria are generally unique to security functionality.

Computer Science & Information Technology

You might also like to view...

Linux is an open-source operating system.

Answer the following statement true (T) or false (F)

Method __________ registers a stateChanged event handler with a component.

a) addChangeListener b) addActionListener c) addKeyListener d) addStateListener

Actions and behaviors refer to the same thing.

Answer the following statement true (T) or false (F)

Your organization has implemented several new security controls. You have decided to reverse engineer the controls. What will this provide?

A. It will ensure that the controls mitigate your security issues.
B. It will help determine the ROI of the control.
C. It will identify entry points and weaknesses.
D. It will help determine the TCO of the control.
