"Software Testing Series - Security Testing" by Michael Pasono is an indispensable guide for navigating the complexities of security testing in the software development lifecycle. As part of the comprehensive Software Testing Series, this book is dedicated to helping software testers and developers safeguard their applications against ever-evolving threats.

Michael Pasono, a CISSP-certified expert in cybersecurity and systems quality improvement, shares his vast experience to illuminate the critical role of security testing. In today's digital landscape, where data breaches and cyberattacks are increasingly common, this book provides the essential strategies needed to protect sensitive data and ensure business continuity.

This volume explores the entire spectrum of security testing, beginning with an overview of the software development lifecycle (SDLC) and the importance of incorporating security measures from the very start. Pasono emphasizes the need for early security testing-shifting left in the SDLC-to identify and mitigate vulnerabilities before they become costly problems.

The book delves into specific security testing methodologies such as Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and penetration testing, offering detailed guidance on tooling, setup, and execution. It also addresses the unique challenges posed by cloud environments, providing insights into cloud-specific security tools and practices.

For those working with cutting-edge technologies, Pasono includes a chapter on security testing for AI/ML systems, highlighting the importance of protecting data, algorithms, and models from adversarial attacks. The book also covers critical areas like vulnerability scanning, auditing, monitoring, and the integration of security checks into CI/CD pipelines.

"Software Testing Series - Security Testing" is more than just a technical manual; it's a strategic resource for building secure software systems that can withstand the increasing threats of the digital age. With practical advice, best practices, and a focus on real-world application, this book equips readers with the knowledge to implement robust security testing frameworks and protect their organization's most valuable assets.

Security Testing

• Why Important
• Understand the software development lifecycle (SDLC)
• When does security testing start?
• Static Software Testing (SAST)
• Dynamic Software Testing (DAST)
• Penetration Testing
• Vulnerability Scanning, Auditing, Monitoring
• Other proactive controls
• Cloud Security Testing
• Cloud Security Tools
• Security Testing for AI and ML
• Types of Security Testing for AI and ML