Definitions
DMCA
Security testing means
“accessing a computer, computer system, or computer network, solely for the purpose of good faith testing, investigating, or correcting, a security flaw or vulnerability, with the authorization of the owner or operator of such computer, computer system, or computer network.”[1]
General
Security testing is
“[a] process used to determine that the security features of a system are implemented as designed. This includes hands-on functional testing, penetration testing, and verification.”[2]
“[t]esting that attempts to verify that an implementation protects data and maintains functionality as intended.”[3]
Overview
Such testing should be one component of an overall security program that also includes assigned security responsibilities, risk assessment, system requirements, planning, policies, and procedures. This testing includes hands-on functional testing, penetration testing, and verification.
References
- [1] 17 U.S.C. §1201(j)(1)(A).
- [2] Department of Defense, National Computer Security Center, Glossary of Computer Security Terms (NCSC-TG-004, Ver. 1) (Oct. 21, 1988).
- [3] NIST Special Publication 800-152, at 135.
See also
- Active security testing
- Covert security testing
- External security testing
- Internal security testing
- NIST Special Publication 800-115 (Technical Guide to Information Security Testing and Assessment)
- Overt security testing
- Security test and evaluation
- Voting system security testing
- Security Audit Report