• Online, Self-Paced
Course Description

It's not enough to integrate secure coding into your software designs; it's equally important to test that your controls function properly. In this course, you'll learn best practices for testing for security and quality assurance, including artifact testing, functional and nonfunctional testing, and bug tracking. This course also covers some of the essential testing types, such as penetration testing, scanning, simulation testing, failure testing, and cryptographic validation. Finally, you'll explore how to deal with test results, including the importance of impact assessments and the corrective actions you can take when results are less than perfect. This course is one of a series in the Skillsoft learning path that covers the objectives for the Certified Secure Software Lifecycle Professional (CSSLP) exam.

Learning Objectives

Testing for Security and Quality Assurance

  • start the course
  • recognize characteristics of testing artifacts
  • identify characteristics of functional testing
  • distinguish between nonfunctional testing methods
  • distinguish between white-, grey-, and black-box testing
  • identify environment best practices for ensuring secure software testing
  • distinguish between bug tracking states
  • recognize characteristics of attack surface validation for software testing
  • distinguish between testing standards for software quality assurance

Testing Types

  • identify the four steps in the penetration process
  • recognize characteristics of the fuzzing method
  • recognize characteristics of scanning
  • recognize characteristics of simulation testing
  • recognize characteristics of testing for failure
  • recognize characteristics of cryptographic validation
  • recognize characteristics of regression testing
  • recognize characteristics of continuous testing

Working with Test Results

  • recognize characteristics of impact assessment
  • recognize options for addressing bugs
  • identify best practices in test data lifecycle management

Practice: Secure Software Testing Best Practices

  • identify best practices for securely testing software

Framework Connections

The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):

Specialty Areas

  • Cybersecurity Management
  • Executive Cyber Leadership
  • Systems Analysis
  • Systems Architecture
  • Systems Development
  • Systems Requirements Planning
  • Test and Evaluation

