The present document defines terminology and an ontology which together provide the basis for a common understanding of security testing techniques which can be used in testing communication products and systems. The terminology and ontology have been derived from latest research@ but also current standards and best practices specified by a broad range of standards organizations and industry bodies. The present document aims to provide information to practitioners on techniques used in testing@ and assessment of security@ robustness and resilience throughout the product and systems development lifecycle. The present document lists terms and methods for the following security testing approaches: ? Verification of security functions and risk-based testing. ? Load@ stress and performance testing. ? Resilience and robustness testing (fuzzing). ? Penetration testing. Static Application Security Testing (SAST) tools and techniques are out of scope for the present document