CISSP Domain 6 — Security Assessment and Testing

6.2 Conduct Security Control Testing

Security control testing is the active process of verifying that safeguards are operating effectively. This involves a mix of automated tools, manual inspections, and simulated adversarial activities.

• » Vulnerability assessment
• » Penetration testing (Red/Blue/Purple teaming)
• » Log reviews
• » Synthetic transactions/benchmarks
• » Code review and testing
• » Misuse case testing
• » Coverage analysis
• » Interface testing (UI, Network, API)
• » Breach attack simulations
• » Compliance checks