Security Assessment & Testing
Domain 6 covers security testing methodologies, OWASP vulnerabilities, audit frameworks, and security metrics. Critical for understanding how to measure and verify security controls.
Exam weight: 12%
5 Lessons
Vulnerability Assessment & CVSS Scoring
VA process (Nessus, Qualys, OpenVAS), CVSS severity bands and remediation SLAs, VA vs Pen Test distinction, CVE identifiers, and false positive triage.
Penetration Testing Methodology
Penetration Testing
Black/gray/white box testing, 7 pen test phases, Rules of Engagement, red/blue/purple teams. BSP VAPT requirements for Partner E go-live.
OWASP Top 10 (2021)
OWASP Top 10 Web Security Vulnerabilities
All 10 categories with TS-specific risk mapping. A01 Broken Access Control is now #1 (not Injection). SSRF, SQL injection, vulnerable components mapped to Platform C architecture.
SAST, DAST, SCA & Fuzzing
Application Security Testing
Application security testing tool types, DevSecOps pipeline sequence, security gates, and the Platform C GitHub Actions security gate stack (gosec, Semgrep, govulncheck, Trivy, TruffleHog).
Audit & SOC 2
Security Audit & SOC 2
Audit types, SOC 1/2/3 reports (Type 1 vs Type 2), BCP/DR test types from tabletop to full interruption, MTTD/MTTR metrics, continuous monitoring.