Types of Security Assessments
Vulnerability Assessment
Automated Vulnerability Scanning
Network Vulnerability Scanners
Web Application Scanners
Database Scanners
Configuration Scanners
Scan Types and Approaches
Authenticated Scanning
Unauthenticated Scanning
Internal Network Scans
External Perimeter Scans
Results Management
Vulnerability Prioritization
False Positive Identification
False Negative Mitigation
Risk Rating Assignment
Reporting and Documentation
Executive Summaries
Technical Findings
Remediation Guidance
Compliance Mapping
Penetration Testing
Testing Scope Categories
External Penetration Testing
Internal Network Testing
Wireless Network Testing
Social Engineering Testing
Physical Security Testing
Team-Based Testing Approaches
Red Team Operations
Blue Team Defense
Purple Team Collaboration
White Team Oversight
Specialized Testing Types
Assumed Breach Testing
Targeted Attack Simulation
Advanced Persistent Threat Simulation
Testing Methodologies
Goal-Oriented Testing
Compliance-Driven Testing
Threat-Based Testing
Security Auditing
Audit Types and Frameworks
Compliance-Based Audits
Risk-Based Audits
Operational Audits
Audit Components
Policy and Procedure Review
Configuration Assessment
Access Control Verification
Change Management Review
Evidence Collection
Log Analysis
Interview Processes
Document Review
System Observation
Audit Reporting
Finding Classification
Control Effectiveness Assessment
Improvement Recommendations
Risk Assessment
Asset Management
Asset Identification
Asset Classification
Asset Valuation
Dependency Mapping
Threat Analysis
Threat Identification
Threat Actor Profiling
Attack Vector Analysis
Threat Intelligence Integration
Vulnerability Assessment
Technical Vulnerabilities
Process Vulnerabilities
Human Factor Vulnerabilities
Risk Calculation Methods
Qualitative Risk Analysis
Quantitative Risk Analysis
Semi-Quantitative Approaches
Risk Treatment Strategies
Risk Mitigation
Risk Acceptance
Risk Transfer
Risk Avoidance
Static Code Analysis
Manual Code Review
Secure Coding Standards
Code Review Checklists
Peer Review Processes
Automated Static Analysis
Static Application Security Testing Tools
Code Quality Analysis
Dependency Vulnerability Scanning
Analysis Techniques
Control Flow Analysis
Data Flow Analysis
Taint Analysis
Pattern Matching
Common Vulnerability Patterns
Input Validation Flaws
Authentication Weaknesses
Authorization Bypasses
Cryptographic Misuse
Dynamic Application Testing
Dynamic Analysis Approaches
Black-Box Dynamic Testing
Grey-Box Dynamic Testing
Interactive Application Security Testing
Runtime Analysis Techniques
Behavior Monitoring
Memory Analysis
Network Traffic Analysis
System Call Monitoring
Input/Output Validation
Boundary Testing
Format String Testing
Buffer Overflow Detection
Performance and Security Correlation
Fuzz Testing
Fuzzing Methodologies
Mutation-Based Fuzzing
Generation-Based Fuzzing
Evolutionary Fuzzing
Target Categories
Protocol Fuzzing
File Format Fuzzing
API Fuzzing
Web Application Fuzzing
Monitoring and Detection
Crash Detection
Anomaly Identification
Code Coverage Analysis
Fuzzing Tools and Frameworks
Open Source Fuzzers
Commercial Fuzzing Platforms
Custom Fuzzer Development