Fluid Attacks logo
Contact Us
Young hacker smiling
Zero false positives

Expert intelligence + effective automation

Contact logo Contact Us

R066. Define components to be tested

This document contains the details of the security requirements related to the definition and management of system components in the organization. This requirement establishes the importance of defining the components to be tested during an ethical hacking exercise.


The components to be tested (in white box tests) must be defined.


There must exist a list of system components to be tested during the different stages of the development life cycle.


  1. Once the system components have been identified, the testing plan for those mentioned above must be established in order to ensure the control of the possible existing vulnerabilities. The list of components to be tested must be delivered during the execution of each testing stage.


  1. A system component remains untested because it was not identified during the testing stage and it is exploited in the production stage.


  1. Layer: Business.

  2. Asset: Security architecture.

  3. Scope: Adherence.

  4. Phase: Testing.

  5. Type of Control: Recommendation.

Service status - Terms of Use