OffSec is an American international company working in information security, penetration testing and digital forensics. Operating from around 2007, the company has created multiple open source projects, advanced security courses, the ExploitDB vulnerability database, and the popular Kali Linux. It has recently released the Kali Purple platform, a dedicated platform for cyber defence analysts and a platform for security services.
Introduction to Assurance Testing is a brand new training course covering the defensive testing techniques used to establish a level of assurance that your server is secure. It is the first course of OffSec’s OSDA cyber defence learning path. This course introduces the context for security testing and explains how security testing aligns to the business.
Chapter 3: Creating and Using Security Test Documentation explains the documentation used in security related testing and introduces Kiwi TCMS as the test management tool of choice!
The course is part of Offsec’s fundamentals package which is designed as baseline knowledge and skills for all security professionals and in particular for those who wish to progress to the OffSec Defence Analyst (OSDA) certification. The Assurance Testing course, and the Kiwi TCMS tool which it uses, gives developers and security testers alike a good understanding of the best practice approach to test case management and helps build their skills in carrying out testing in a disciplined way. Using Kiwi TCMS provides the opportunity to improve the processes and documentation around security testing, and around the wider functional testing as well.
Kiwi TCMS bridges the gap between security requirements and software development by enabling standardized test cases to be developed by the security team whilst software developers and dedicated QA teams can use these same test cases to ensure that security requirements are met. With preset test plans and test cases, execution of security tests can proceed in the same way as for any other non-functional testing, and any issues identified during testing can be fixed and tests can be executed again.
Learning how to use Kiwi TCMS as part of the Introduction to Assurance Testing course helps both security teams and QA teams work together in a common environment to improve the quality and security of their software. Using Kiwi TCMS enables security teams to provide clear instructions to QA teams as to how to use specialist security testing tools. For example, having clear test cases for running the PowerShell audit tool for the Active Directory Certificate Server, PSPKIAudit, means that the test team can take advantage of a powerful testing tool without needing the specialist knowledge that might otherwise be required to use and interpret the results of such a tool.
If you like what we're doing and how Kiwi TCMS supports various communities please help us!