Security Testing Is Not All The Same: A Reference Taxonomy

Abstract

Security managers are always being offered new methods to test the security of their systems. Unfamiliarity with the terminology and types of testing can result in the manager not getting the services he or she is seeking. This article presents a taxonomy of terms in order to classify the different types of services available, and explain how each technique evaluates security controls in real-world settings.