1 Scope
2
References
3
Definitions
3.1 Terms
defined elsewhere
3.2 Terms
defined in this Recommendation
4
Abbreviations and acronyms
5
Conventions
6
Basic concept – Security testing
6.1 Detection
of known or published vulnerabilities
6.2 Detection
of unknown or zero day vulnerabilities
7
Security testing techniques
7.1 Vulnerability
scanning
7.2 Fuzzing
7.3 Source
code review
7.4 Binary
analysis
7.5 Penetration
testing
Appendix I – Flow chart
Appendix II – Other supplementary techniques for enhancing the security
of an ICT network
II.1 Password
strength assessment
II.2 Social
confidentiality assessment
II.3 Functional
security assessment
II.4 Wireless
scanning
II.5 Use of
secure cryptographic module and algorithm implementations
II.6 Network
sniffing
Bibliography