Verification and test of software functions are the most tedious and very costly, and therefore, except verifying and testing the functions, performance and usability, it is hard to invest more time and labor to implement security test. Commonly, security experts will only conduct a brief security review before the software delivery. However, it is hard to discover relevant vulnerability of business by this way. Therefore, during verification and test, the testing personnel shall verify the Evil Scenario and Threat obtained in demand analysis and architecture design, and develop a specific automatic security function test basing on the Evil Scenario and Threat, for example, to test that a user cannot access another user's data, or that a normal user cannot across the permissions to access the administrator’s interface, so as to immediately discover security problems in daily verification and test.