Analysis:
When planning and specifying security tests, it's essential to consider several critical aspects:
A. Identifying those from whom permission might be needed to run the tests:
True. It is crucial to get the necessary permissions, especially for penetration testing or other security tests that could be intrusive.
B. Re-assuring the (non-technical) Test Analysts that they will not need to be involved:
False. Security testing often requires a coordinated effort, and non-technical test analysts might still have roles, such as documentation, coordination, or assisting in test preparation. Excluding them entirely could lead to gaps in understanding and execution.
C. Ensuring that appropriate tools will be available for static analysis:
True. Having the right tools is vital for effective security testing, including static analysis tools for identifying vulnerabilities in the code.
D. Planning extra performance efficiency and reliability tests:
True. Performance efficiency and reliability are often linked to security (e.g., DoS attacks), so planning these tests is useful.
Explanation of Incorrect Option:
B: Excluding non-technical test analysts might undermine the testing process as they can still contribute in various supportive roles.
References:
The ISTQB CTAL-TTA syllabus covers security testing and the planning required, highlighting the need for comprehensive involvement of all relevant stakeholders.