ISEC 620 Homework 6

Testing is a crucial phase in the SDLC. The testing phase also comprises of a divert set of tools and techniques. Modules 6, 7, and 8 are dedicated to software testing and analysis. In this homework, you will compare software security analysis tools and techniques.

In the last module, you read Chapter 14 of Conklin & Shoemaker. In this module, you have been reading Chapters 15 and 16. These chapters contain a variety of different software security analysis tools and methods. These include, but are not limited to:

· Static Code Analysis

· Dynamic Code Analysis

· Peer Review

· Quality Assurance Testing

· Penetration Testing

· Fuzzing

Question 1

Briefly describe each method.

Question 2

Compare static and dynamic code analysis methods.

Question 3

What is the main difference between static & dynamic code analysis and penetration testing & fuzzing? Describe.

Question 4

How does the peer review process differ from other processes in the list? Describe.

Question 5

How does Quality Assurance Testing differ from the other processes in the list? Describe.

Question 6 – Weekly Learning and Reflection

In two to three paragraphs of prose (i.e., sentences, not bullet lists) using APA style citations if needed, summarize and interact with the content that was covered this week in class. In your summary, you should highlight the major topics, theories, practices, and knowledge that were covered. Your summary should also interact with the material through personal observations, reflections, and applications to the field of study. In particular, highlight what surprised, enlightened, or otherwise engaged you. Make sure to include at least one thing that you’re still confused about or ask a question about the content or the field. In other words, you should think and write critically not just about what was presented but also what you have learned through the session. Questions asked here will be summarized and answered anonymously in the next class.