Testing:

This process helps in discovering the vulnerabilities that were not discovered in the previous phases. System requirement documentation is the key input to this phase as the security team uses these requirements to make different test cases. The testers then use these test cases to do dynamic analysis of the software developed. The software is made to run in the testing environment and tested against all the test cases present. The dynamic analysis of software helps in discovering the high level vulnerabilities like SQL injection, cross site scripting etc. once all the vulnerabilities in the security are discovered, they are ranked and prioritized for further fixing of such bugs.