Abstract
This paper reviews security testing, covering the concepts and notions essential to the discipline. The analysis uses an inverted funnel approach, breaking the broad topic of software testing down into its constituent parts. With this framework in mind, the paper attempts to answer the following questions. Why is software testing significant? What are the roles of users and developers as they relate to software? What techniques are commonly used when testing software? Is the discipline of software testing unified; if not, what controversies exist, and what do they concern? What is security testing? What is the purpose of security testing? What metrics are used to guide security testing? What common threats hamper or impede security testing? How can developers mitigate the risk posed by security threats, and what defensive options are available? What improvements can be made to software testing? What can occur in the absence of software and security testing?