As a part of cybersecurity specifications and architectural design, be sure to include coding and testing guidelines. Follow these steps to ensure well-establish coding specifications:

• Consider cybersecurity factors relevant to design, modeling, or programming notations and languages, such as syntax, semantics, modularity, abstraction, and resilience against vulnerabilities resulting from improper use.

• Address criteria not covered by the programming language through guidelines or the development environment, such as using language subsets or strong typing.

• Verify the implementation and integration of components to ensure that they fulfill defined cybersecurity specifications.

• Specify integration and verification activities, considering cybersecurity specifications, configurations, capabilities, and conformity with guidelines.

• Evaluate test coverage using defined metrics to determine the sufficiency of test activities.

• Conduct tests using functional testing, vulnerability scanning, fuzz testing, or penetration testing. If it's not possible to perform such tests, provide a rationale.

Imported from SD Elements: https://redhat.sdelements.com/bunits/psse-secure-development/group-3-supporting-and-tooling-offering/external-secrets-operator-eso/tasks/phase/specifications/318-T2514/

Training Modules

Continuous Compliance

• Dynamic application security testing (DAST)
• Static application security testing (SAST)
• Perform penetration testing

DevSecOps Fundamentals

• Application Testing Methods
• Testing

Secure Software Testing

• Make a Test Plan
• Implement Testing throughout the SDLC
• Automate your Testing
• Understand Testing Approaches
• Use Static Analysis
• Use Unit Tests
• Consider Test-Driven Development
• Set a Test Coverage Goal
• Fuzz Testing
• Security Regression Tests
• Use Negative Scenarios
• Test for Vulnerabilities
• Assess and Document all Failures
• Use Automated HTTP Testing for Web Apps
• Consider Automated UI Testing for Web Apps
• Use Pen Tests to Find Real-World Vulnerabilities
• Supplement Testing with a Web Security Scanner
• Use Stress Tests to Improve Resiliency
• Use Fault Injection to Test Mitigations
• Use Disaster Recovery Tests to Guarantee Safety

PCI Secure Software Lifecycle

• Static and Dynamic Software Security Testing

Secure Software Acceptance and Deployment

• Generate Safe Data for Testing

Secure Software Design

• Security standards and strategies