Page 1101 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
Testing Your Software
Software is a critical component in system security. Think about the following characteristics common to many applications in use throughout the modern enterprise:

- Software applications often have privileged access to the operating system, hardware, and other resources.
- Software applications routinely handle sensitive information, including credit card numbers, Social Security numbers, and proprietary business information.
- Many software applications rely on databases that also contain sensitive information.
- Software is the heart of the modern enterprise and performs business-critical functions. Software failures can disrupt businesses with very serious consequences.
Those are just a few of the many reasons that careful testing of software is essential to meeting the confidentiality, integrity, and availability requirements of every modern organization. In this section, you'll learn about the many types of software testing that you may integrate into your organization's software development lifecycle.
This chapter provides coverage of software testing topics. You'll find deeper coverage of the software development lifecycle (SDLC) and software security issues in Chapter 20, "Software Development Security."
Code Review and Testing
One of the most critical components of a software testing program is conducting code review and testing. These procedures provide third-party reviews of the work performed by developers before moving code into a production environment. Code reviews and tests may discover

