Security Testing Made Simple by Smart Test Managers
Intelligent software testing managers make security testing of their system a key focus, right from the early stages of the system's life cycle.
The process begins with the drafting of the security test documents. If you have been assigned to perform functional testing on a system that is new, or new to you, your starting point can be the security test plan, which can also serve to familiarize you with the product. Generally people prefer one security test plan per release, but you may have one or more functional test plans, mostly depending on the size of your system and its complexity.
Next you can prepare a test case outline or test case document that outlines the test cases to be run. At the beginning of your test case documentation, you can start by noting down the security areas you plan to use and dividing the entire system into them. Since a test case outline document can grow to a gigantic size, you can have multiple test case outlines for every release. Each of these can deal with a different security risk or product area.
Next, you need to gather all the information you can find on the known product bugs and known security issues. You won't really analyze this information immediately, but you need to have some familiarity with it and have concrete data at hand to refer to later. With this you will have a much better idea of what security issues exist and a list of the ones you specifically want to consider.