Chapter 10 – Security testing: vulnerability assessments and penetration testing

This chapter introduces the security testing assessment method and the differentiation between automated and manual techniques. The remainder of the chapter reviews two types of security testing, vulnerability scanning and penetration testing, including the rules of engagement for documenting the purpose of the security test and the detailed guidelines and constraints regarding the execution of security testing. Finally, the FedRAMP security testing requirements are discussed, with a focus on vulnerability and penetration testing activities.