Domain 6: Security Assessment and Testing

Attack surface - Different security testing methods find different vulnerability types.

Black-box testing - Testing where no internal details of the system implementation are used.

Condition coverage – This criterion requires sufficient test cases for each condition in a program decision to take on all possible outcomes at least once. It differs from branch coverage only when multiple conditions must be evaluated to reach a decision.

Covert security testing – Performed to simulate the threats that are associated with external adversaries. While the security staff has no knowledge of the covert test, the organization management is fully aware and consents to the test.

Data flow coverage – This criterion requires sufficient test cases for each feasible data flow to be executed at least once.

Real user monitoring (RUM) - An approach to web monitoring that aims to capture and analyze every transaction of every user of a website or application.

Loop coverage - This criterion requires sufficient test cases for all program loops to be executed for zero, one, two, and many iterations, covering initialization, typical running, and termination (boundary) conditions.

Static source code analysis (SAST) - Analysis of the application source code for finding vulnerabilities without executing the application.

Synthetic performance monitoring - Involves having external agents run scripted transactions against a web application.

Positive testing – Determines that your application works as expected.

Dynamic testing – When the system under test is executed and its behavior is observed.

Statement coverage – This criterion requires sufficient test cases for each program statement to be executed at least once; however, its achievement is insufficient to provide confidence in a software product's behavior.

Path coverage – This criterion requires sufficient test cases for each feasible path (basis path, etc.) from start to exit of a defined program segment to be executed at least once.

Negative testing – Ensures the application can gracefully handle invalid input or unexpected user behavior.

Multi-condition coverage – This criterion requires sufficient test cases to exercise all possible combinations of conditions in a program decision.

Decision (Branch) coverage – Considered to be a minimum level of coverage for most software products, but decision coverage alone is insufficient for high-integrity applications.

White-box testing – A testing approach that allows one to peek inside the “box” and focuses specifically on using internal knowledge of the software to guide the selection of test data.

Threat modeling – A process by which developers can understand security threats to a system, determine risks from those threats, and establish appropriate mitigations.

Misuse case – A Use Case from the point of view of an Actor hostile to the system under design.

Use cases – Abstract episodes of interaction between a system and its environment.