Types of Tests
Functional Testing
Verifies the actions, behavior and requirements of an application
Requires the functional specification documentation to perform
Describes WHAT the application does
Is performed before non-functional testing
-
Unit test - testing the smallest testable part of any software
-
System test - test of complete and integrated software
-
Integration test - individual units of software are combined and tested as a group
-
Interface test - verifies communication between two different software
-
User acceptance test - system is tested for acceptability
-
Regression test - verifies code change does not have an impact on existing functionality
-
User Interface (UI) / User Experience (UX) test
-
Localization / globalization test
-
White box test
-
Black box test
-
Interoperability test
-
Error condition test
Non-Functional Testing
Verifies the performance and expectation of an application
Needs performance specification documentation to perform
Tests should be measurable
Describes HOW the application works
Is performed after functional testing
-
Performance / efficiency test - extent to which system can handle capacity, quantity and response time
-
Reliability / robustness test - continuously performs the specified function without failure
-
Scalability test - the degree in which a system can expand its process capacity to meet an increase in demand
-
Survivability / availability test - continues to function and recover itself in case of a system failure
-
Usability test - ease at which the user can learn, operate, interact with a system
-
Portability test - flexibility of software to transfer from its current hardware and/or software environment
-
Installation test
-
Volume test
-
Load / stress / endurance / spike test
-
Compliance test
-
Maintainability test
-
Flexibility test
-
Disaster recovery test
Security Testing
-
Discovery - Analyze scope and threat
-
Vulnerability scan - Automated scan of a system against known vulnerabilities
-
Security scan - Manual or automated scans to identify network and/or system weaknesses
-
Vulnerability / Security / risk assessment - Testing to analyze the security risks to an organization
-
Penetration test - Simulated attack from a malicious hacker.
-
Security audit - Internal inspection of systems for security flaws
-
Posture assessment - Combines multiple tests to show an overall security posture of an organization
-
Regulatory compliance
Maintenance Testing
-
Regression testing
-
Maintenance testing
Simulations and Tabletop Exercises (TTX)
-
Regulators explicitly require operational and tested incident response
plans
-
-
NIST Cybersecurity Framework – Applies specifically to critical infrastructure players (but also across industries and sectors)
-
-
Provides for incident response plan testing
-
FFIEC (Finance) – Mandates testing of incident response (IR) plan (as well as DR and BCP) as part of bank examination
and audit processes
-
HIPPA (Healthcare) – Provides for auditing of incident response planning process
-
PCI DSS (Retail/Payments) – Requires operational incident response
plan
-
Enforcement actions have already begun
-
-
Focuses on failure to maintain adequate cybersecurity policies and procedures
-
-
e.g., first SEC action in 2015 against an investment adviser on this basis
Let us help you change your mindset and address cybersecurity