
Cybersecurity testing and evaluation (T&E) checks whether software is vulnerable to cyber-attacks, and tests the impact of malicious or unexpected inputs on its operations.

Cybersecurity testing provides evidence that systems and information are safe and reliable, and that they do not accept unauthorized inputs.

Cybersecurity testing is a type of non-functional testing. Unlike functional testing, which focuses on whether the software’s functions are working properly (“what” the software does), non-functional testing focuses on whether the application is designed and configured correctly (“how” it does it). 

Cybersecurity testing and evaluation revolves around several key concepts, starting with threats and vulnerabilities. Threats are activities that can cause damage to an asset; vulnerabilities are weaknesses in one or more assets that can be exploited by attackers.

Vulnerabilities can include such things as unpatched operating systems or browsers, weak authentication, and the lack of basic security controls like firewalls.

There’s also risk and remediation.

Cybersecurity testing and evaluation aims to evaluate the risk that specific threats or vulnerabilities will cause a negative impact to the business. Risk is evaluated by identifying the severity of a threat or vulnerability, and the likelihood and impact of exploitation.

Remediation has to do with the fact that cybersecurity testing is not just a passive evaluation of assets. It provides actionable guidance for remediating vulnerabilities discovered, and can verify that vulnerabilities were successfully fixed. 

There are several types of cybersecurity T&E. For example, vulnerability scanning is performed by automated tools. It is used to identify known vulnerabilities in software components, evaluate vulnerabilities to identify the risk to the organization, and assist with remediation. 
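The scanning and risk-evaluation workflow described above, as an added example that is not part of the original page: a minimal scanner matches a constructed software inventory against a constructed advisory feed, scores each finding as severity × likelihood × impact to set remediation priority, and re-scans after a patch to verify the fix. All component names, versions and advisory identifiers are placeholders invented for this example.

```python
"""Added example (not from the Tonex page): a toy vulnerability scanner with
risk scoring and remediation verification. Advisory ids, versions and
component names are placeholders, not real software or real advisories."""
from dataclasses import dataclass

@dataclass(frozen=True)
class Advisory:
    ident: str          # placeholder identifier, not a real CVE
    component: str
    fixed_in: tuple     # first version that carries the fix
    severity: int       # 1 (low) .. 4 (critical), as rated by the advisory feed
    likelihood: int     # 1 .. 3: how easily the weakness is exploited
    impact: int         # 1 .. 3: business impact if exploited

def parse_version(v: str) -> tuple:
    """'1.2.10' -> (1, 2, 10) so versions compare numerically, not as strings."""
    return tuple(int(p) for p in v.split("."))

def scan(inventory: dict, feed: list) -> list:
    """Return findings for every installed component older than an advisory's fix,
    sorted by risk score (highest first) to drive remediation priority."""
    findings = []
    for adv in feed:
        installed = inventory.get(adv.component)
        if installed is None:
            continue                       # component not present: no exposure
        if parse_version(installed) < adv.fixed_in:
            risk = adv.severity * adv.likelihood * adv.impact
            findings.append((risk, adv.ident, adv.component, installed))
    return sorted(findings, reverse=True)

def remediate(inventory: dict, component: str, new_version: str) -> dict:
    """Simulate applying a patch; returns a new inventory so the old one is untouched."""
    return {**inventory, component: new_version}

# Constructed sample data (not real software, not real advisories).
FEED = [
    Advisory("ADV-0001", "libexample", parse_version("2.4.1"), 4, 3, 3),
    Advisory("ADV-0002", "webframe", parse_version("1.9.0"), 2, 2, 2),
    Advisory("ADV-0003", "dbclient", parse_version("5.0.0"), 3, 1, 3),
]
INVENTORY = {"libexample": "2.3.7", "webframe": "1.10.2", "dbclient": "4.8.0"}

if __name__ == "__main__":
    for risk, ident, comp, ver in scan(INVENTORY, FEED):
        print(f"{risk:>3}  {ident}  {comp} {ver}")
    patched = remediate(INVENTORY, "libexample", "2.4.1")
    print("after patch:", [f[1] for f in scan(patched, FEED)])
```

Note that `webframe 1.10.2` is correctly treated as newer than the `1.9.0` fix because versions are compared as integer tuples; a string comparison would have flagged it as vulnerable.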

Penetration testing, on the other hand, is the process of simulating real-life cyber-attacks against an application, software, system, or network under safe conditions. It can help evaluate how existing security measures will hold up in a real attack. Most importantly, penetration testing can find unknown vulnerabilities, including zero-day threats and business logic vulnerabilities.

Want to learn more? Tonex offers Cybersecurity testing and evaluation (T&E) Training, a two-day course where participants learn about different phases of risk management framework and different phases of T&E from characterizing the cyber-attack surface to vulnerability detection and adversarial assessment.

For more information, questions, comments, contact us.
