Software security is a broad and complex topic，Every new software may have new security flaws that do not conform to all known patterns。It is impractical to avoid all possible types of attacks due to security flaws。In software security testing，Use a set of good principles to avoid unsafe software coming to market、Avoid attacks on unsafe software，It's very important。

Basic concepts of software security testing

Software security testing includes program testing、network、Database security test。According to the system security index, the test strategy is different。

The weakest link is protected

Attackers often try to attack the most vulnerable links，This may not be surprising to you。Even if they spend the same amount of energy on all parts of your system，They are also more likely to find problems in the most needed parts of the system。This intuition is widely applicable，Therefore, our security test should focus on the weakest part of the test。

If you do a good risk analysis，To run a security test on the weakest link，It should be easy to identify what you think is the weakest component of the system，Eliminate the most serious risks，Is an important part of software security testing。

Is there a fail-safe

Examples abound in the digital world。Problems often arise because of the need to support insecure older versions of software。For example,Like what，The original version of the software was very“Naïve”，There's no encryption at all。Now the software wants to fix the problem，But it has built up a vast user base。In addition,，The software has deployed many servers that may not be upgraded for a long time。Updating smarter clients and servers requires interoperability with older clients that are not updated with the new protocol。The software hopes to force older users to upgrade，There is no expectation that older users will take up such a large part of the user base，That it's going to be really messy anyway。