Security testing means
|“||accessing a computer, computer system, or computer network, solely for the purpose of good faith testing, investigating, or correcting, a security flaw or vulnerability, with the authorization of the owner or operator of such computer, computer system, or computer network.||”|
Security testing is
|“||[a] process used to determine that the security features of a system are implemented as designed. This includes hands-on functional testing, penetration testing, and verification.||”|
|“||[t]esting that attempts to verify that an implementation protects data and maintains functionality as intended.||”|
Such testing should be one component of an overall security program that also includes assigned security responsibilities, risk assessment, system requirements, planning, policies, and procedures. This testing includes hands-on functional testing, penetration testing, and verification.