Which type of testing simulates an attack on the software to assess security?

Prepare for the CISSP Domain 8 – Software Development Security Test. Study with flashcards and multiple-choice questions, each with hints and explanations. Get ready for your exam!

The correct answer is penetration testing, which specifically focuses on simulating real-world attacks against software, applications, or systems to evaluate their security posture. This type of testing is intended to identify vulnerabilities that a malicious actor might exploit. During penetration testing, security professionals or ethical hackers utilize tools and techniques similar to those used by adversaries, enabling them to test the effectiveness of security controls and determine how well the software can withstand potential attacks.

Penetration testing provides valuable insight into the security weaknesses of a system or application, allowing organizations to remediate vulnerabilities before they are exploited in real attacks. It goes beyond generic testing approaches by assessing the defenses under realistic attack conditions: it shows not only that a weakness exists but what an adversary could actually reach through it, which improves overall software security.

In contrast, static code analysis examines source code for vulnerabilities without executing the program, so it can flag insecure coding patterns but cannot observe how the running system behaves. Dynamic testing exercises the software while it is running to check its behavior and performance; some dynamic techniques (fuzzing and DAST tools, for example) do send hostile input, but dynamic testing as a category does not set out to simulate an adversary's attack. Regression testing verifies that existing functionality still works after changes are made, ensuring that new code does not break old behavior, but it is not aimed at finding security vulnerabilities.
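To make the distinction concrete, here is an added Python example (it is not part of the quiz page): one deliberately vulnerable lookup function and its parameterized fix, checked three ways. A static scan reads the source with the `ast` module and never runs it; an attack-style probe runs the code with a SQL-injection payload, which is the kind of thing a penetration tester does by hand; and a regression check runs the code with legitimate input to confirm the fix did not break normal behavior. The table schema, the function names, and the payload are all constructed for this illustration.

```python
"""Static scan vs. attack simulation vs. regression check on one function.
Added example for illustration; schema, names and payload are constructed."""
import ast
import inspect
import sqlite3
import textwrap


def setup_db():
    # Constructed sample data: three users, one of them an admin.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user"), ("carol", "user")])
    return conn


def lookup_vulnerable(conn, name):
    # Deliberately vulnerable: user input is concatenated into the SQL text.
    query = "SELECT name, role FROM users WHERE name = '" + name + "'"
    return conn.execute(query).fetchall()


def lookup_fixed(conn, name):
    # Hardened: parameterized query, so the input can never become SQL syntax.
    return conn.execute(
        "SELECT name, role FROM users WHERE name = ?", (name,)).fetchall()


def _is_dynamic_string(node):
    """True for f-strings, '+' or '%' string building, and str.format() calls."""
    if isinstance(node, ast.JoinedStr):
        return True
    if isinstance(node, ast.BinOp) and isinstance(node.op, (ast.Add, ast.Mod)):
        return True
    return (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)
            and node.func.attr == "format")


def static_scan(func):
    """Static analysis: parse the function's source without executing it and
    report execute() calls whose SQL argument was built from a dynamic string."""
    tree = ast.parse(textwrap.dedent(inspect.getsource(func)))
    tainted = set()  # names assigned from concatenation or formatting
    for node in ast.walk(tree):
        if (isinstance(node, ast.Assign) and len(node.targets) == 1
                and isinstance(node.targets[0], ast.Name)
                and _is_dynamic_string(node.value)):
            tainted.add(node.targets[0].id)
    findings = []
    for node in ast.walk(tree):
        if (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)
                and node.func.attr == "execute" and node.args):
            arg = node.args[0]
            if _is_dynamic_string(arg) or (isinstance(arg, ast.Name)
                                           and arg.id in tainted):
                findings.append(
                    f"{func.__name__} line {node.lineno}: "
                    "SQL built from a dynamic string reaches execute()")
    return findings


def dynamic_attack(lookup):
    """Attack simulation: run the code with a tautology payload and observe
    whether the result set widens beyond the single user asked for."""
    conn = setup_db()
    payload = "x' OR '1'='1"  # constructed injection payload
    return len(lookup(conn, payload))  # vulnerable: every row; fixed: none


def regression_check(lookup):
    """Regression check: legitimate input must still return the right row."""
    conn = setup_db()
    return lookup(conn, "alice") == [("alice", "admin")]


if __name__ == "__main__":
    for fn in (lookup_vulnerable, lookup_fixed):
        print(fn.__name__)
        print("  static findings :", static_scan(fn))
        print("  rows from attack:", dynamic_attack(fn))
        print("  regression ok   :", regression_check(fn))
```

Running it shows the three techniques answering different questions: the static scan flags `lookup_vulnerable` and is silent on `lookup_fixed` without ever opening a database; the attack probe returns all three rows from the vulnerable version and none from the fix; and the regression check passes for both, because the fix changed only how the query is built, not what a legitimate lookup returns.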
