You can count on well-written requirements, but you can't count on an adequate contribution of the stakeholders to the quality risk analysis. You have to mitigate the insufficient contribution of the stakeholders because the risk-based testing approach shall minimize the product risks. Your test team has one expert tester in security testing. Which of the following test activities would you expect to be the less important in this context?
A) Extract from the defect tracking system of the previous project all the security defects and failures, and classify them to support design and execution of specific tests.
B) Automate all functional and non-functional system tests.
C) Apply systematic and exploratory testing for integration and system test.
D) Perform exploratory testing sessions with adequate charters covering security aspects.

Question

Quizplus · Accepted Answer

While automating tests is a valuable activity, it is less important in the context of security testing. Security testing often requires more manual and exploratory testing to identify potential vulnerabilities and threats that may not be captured through automated testing alone. Therefore, choices A, C, and D are all important activities in the context of security testing, while choice B is less important.

You Can Count on Well-Written Requirements, but You Can't Count