Definitions[edit | edit source]

DMCA[edit | edit source]

Security testing means

accessing a computer, computer system, or computer network, solely for the purpose of good faith testing, investigating, or correcting, a security flaw or vulnerability, with the authorization of the owner or operator of such computer, computer system, or computer network.[1]

General[edit | edit source]

Security testing is

[a] process used to determine that the security features of a system are implemented as designed. This includes hands-on functional testing, penetration testing, and verification.[2]
[t]esting that attempts to verify that an implementation protects data and maintains functionality as intended.[3]

Overview[edit | edit source]

Such testing should be one component of an overall security program that also includes assigned security responsibilities, risk assessment, system requirements, planning, policies, and procedures. This testing includes hands-on functional testing, penetration testing, and verification.

References[edit | edit source]

  1. 17 U.S.C. §1201(j)(1)(A).
  2. Department of Defense, National Computer Security Center, Glossary of Computer Security Terms (NCSC-TG-004, Ver. 1) (Oct. 21, 1988).
  3. NIST Special Publication 800-152, at 135.

See also[edit | edit source]

Community content is available under CC-BY-SA unless otherwise noted.