Determine the Main Types of Security Issues
Based on the application characteristics, industry standards and data, and your previous experience, define the main types of security issues that need to be tested.
Identify the Users of the Test Policy
Categorize the potential users of the test policy, based on their security skills, application knowledge, testing experience, familiarity with different tools and methodologies, and so on.
Select Types of Security Tests to Include
Select the types of security tests based on the user types, potential security issues, and the timing of the test execution within the overall development lifecycle.
Publish the Security Test Policy
Review the changes to the Security Test Policy, and make it available to the target audience.