INFORMATION SECURITY PORTAL

GUIDELINES -

SOFTWARE TESTING

Below are links to different web pages where information for testers is available. Depending on what is being tested, more or less of the information is useful.


The information covers privacy and security, it does not cover how to structure testing.

The OWASP Risk Assessment Framework consists of Static Application Security Testing (SAST) and risk assessment tools. Even though there are many SAST tools available for testers, compatibility and the environment setup process are complex. By using the OWASP Risk Assessment Framework's Static Application Security Testing tool, testers will be able to analyse and review their code quality and vulnerabilities without any additional setup. The OWASP Risk Assessment Framework can be integrated into the DevSecOps toolchain to help developers write and produce secure code.

The Web Security Testing Guide (WSTG) Project produces the premier cybersecurity testing resource for web application developers and security professionals.


The WSTG is a comprehensive guide to testing the security of web applications and web services. Created by the collaborative efforts of cybersecurity professionals and dedicated volunteers, the WSTG provides a framework of best practices used by penetration testers and organizations all over the world.

The vision is “Define the industry standard for mobile application security.” They are writing a security standard for mobile apps and a comprehensive testing guide that covers the processes, techniques, and tools used during a mobile app security test, as well as an exhaustive set of test cases that enables testers to deliver consistent and complete results.

Main deliverables are: Mobile Security Testing Guide (MSTG), Mobile App Security Requirements and Verification, Mobile App Security Checklist and Presentations.

TBD, as is everything below.

A practical guideline from ISAC for implementing an ISMS in accordance with the international standard ISO/IEC 27001:2013.

The ISO27k Forum is a supportive and friendly global community of over 4,000 information security professionals, most of whom are actively using the ISO/IEC 27000-series standards and willing to share their queries, experience and expertise freely with others.
Membership of the Forum is free for those with a genuine professional interest in the ISO27k standards, particularly those who have practical implementation experience and knowledge they are willing to share with the community, and those who are taking their first baby steps towards adopting the standards.

SME Guide for the implementation of ISO/IEC 27001 on Information Security Management.

Small Business Standards (SBS) is the European association that represents small and medium-sized enterprises' (SMEs) interests in the standardisation process at both European and international level.

DIGITAL SME is a member of SBS and is a joint effort of 28 national and regional SME associations from EU Member States and neighbouring countries to put digital SMEs at the centre of the EU agenda.

A free web page with some information about the ISO27k standards.

Copyright © 2019-2020 InformationSecurityPortal.se - All Rights Reserved