Explore a comprehensive security test plan for software development in this 45-minute conference talk from BSides Columbus Ohio 2015. Learn about layered security mechanisms, positive security models, and the principle of least privilege. Discover how to implement OAuth, session management, access control, and cryptography. Examine the four levels of security testing, from OS to verification requirements. Gain insights into handling input risks, error logging, data protection, and HTTP security. Understand the importance of malicious controls, business logic, and mobile security considerations. Conclude with a five-step process for immediate implementation of security testing in your software projects.