Main Description | The policy should include the following information, organized by role (Security
Auditor, Tester, Developer):
- Test environment
- Test approach, techniques, processes
- Automated tests to perform
  - Application
  - Infrastructure
  - Noninvasive
  - Invasive
  - Custom
- Manual tests to perform
- Vulnerabilities to exploit
- Vulnerability prioritization criteria
- Reports to generate
|