Part of is the of . This is an important aspect of testing because it allows you to test the applications used on your network and throughout your company. It includes the testing of web and standard apps, looking for vulnerabilities, and even some code review.

 

Review of code

Application code review is the process of auditing an application's source code to verify that the proper security controls are present, that they work as intended, and that they are invoked in all the right places. It is a way of ensuring an application is developed to be “self-defending”. For example, reviewing the code could reveal embedded credentials. The remedial action would then be to remove the embedded credentials from the application. Embedding credentials is bad practice from a security perspective because if the application is accessed by a bad actor, the credentials can be viewed and taken advantage of.
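As an added illustration (not code from the original article), the sketch below shows one way a reviewer might flag embedded credentials automatically. The variable-name keywords, the placeholder list, and the sample source are all assumptions constructed for this example.

```python
import re

# Constructed sample source file for the demonstration (not from the article).
SAMPLE_SOURCE = '''\
import os
DB_HOST = "db.internal.example"
DB_PASSWORD = "S3cr3t-Pa55!"
api_key = os.environ["API_KEY"]
token = ""
conn = connect(user="svc_app", password="hunter2-prod")
# password = "placeholder"
SECRET_KEY = "<set-in-deployment>"
'''

# Names that usually hold credentials, assigned a quoted literal.
# The keyword list is an assumption of this example, not a standard.
SECRET_NAME = re.compile(
    r"(?i)\b(\w*(?:password|passwd|pwd|secret|token|api_?key)\w*)"
    r"\s*[:=]\s*(['\"])(.*?)\2"
)
# Literal values that are clearly templates rather than real secrets.
PLACEHOLDER = re.compile(r"^(|<.*>|\$\{.*\}|changeme|placeholder|x+|\*+)$", re.I)


def find_embedded_credentials(source):
    """Return (line_number, variable_name) for each hard-coded credential literal."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        if line.strip().startswith("#"):   # skip commented-out code
            continue
        for match in SECRET_NAME.finditer(line):
            name, value = match.group(1), match.group(3)
            if PLACEHOLDER.match(value):   # empty or template value
                continue
            findings.append((lineno, name))
    return findings


if __name__ == "__main__":
    for lineno, name in find_embedded_credentials(SAMPLE_SOURCE):
        # Report the location only; never echo the secret itself into logs.
        print(f"line {lineno}: hard-coded value assigned to '{name}'")
```

Values read from the environment (line 4 of the sample) are not flagged, which reflects the remedial action: the credential is removed from the code and supplied at deployment time instead.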

 

Web application testing

This type of testing is used to identify exploitable vulnerabilities in applications before are able to discover and exploit them. It will reveal real-world opportunities for to be able to compromise applications in a way that allows unauthorized access to sensitive data, or even to take over systems for malicious purposes.


