CISSP Domain 6: The importance of security assessments and testing

Last updated:December 2017

Editor's note

Urgent requests, imminent deadlines or just plain old excitement -- there are a lot of reasons why applications and services get rushed into deployment before they're thoroughly vetted for vulnerabilities. But it’s up to infosec pros to pump the brakes and make sure anything entering the IT environment has undergone proper security assessment and testing, because all it takes is one line of bad code to create an exploit.

In this Security School, based on (ISC)² CISSP training material on Domain 6 of the exam -- Security Assessment and Testing -- learn about techniques and tools used to identify and resolve possible attack surfaces, as well as the importance of testing software for vulnerabilities early and often. In his video, expert Adam Gordon explains how infosec pros can partners with software teams to ensure security assessment and testing is performed before, during and after application development. In addition, Gordon provides a comprehensive overview of different types of security testing techniques in his tip. 

Once you've reviewed the parts of this Security School on security assessment and testing, take the quiz to see how much you have learned about vulnerability assessment, threat modeling, code review and more.

View our Security School Course Catalog to view more schools.

CISSP® is a registered mark of (ISC)².

1Prepare for Domain 6: Security assessment and testing

Going back to the old adage of "better safe than sorry," performing a security assessment and testing on enterprise applications and services is one of those tasks you want to ensure is a regular part of your IT organization's workflow. Otherwise, overlooking this step can have drastic consequences.

Enterprise Desktop
Cloud Computing