Testable security is a key concept in FIPS 140 standards. The application of this method to non-invasive attacks is a hot topic, both for FIPS 140-3 and ISO 17825. This presentation provides insights on relevant methodologies, based on real-world case studies. Testing divides into two tasks, namely “leakage detection” and “leakage analysis”. The first task is the less covered in the public literature. It involves techniques like variance tests, time-frequency signal analysis, cartography. It must be fast (and is ideally online) as the detection shall be tested on various time samples and X-Y (Z-theta) positions. The second task is more mature, and basically already drafted in ISO 17825. Basic distinguishers, aimed to detect simple albeit generic leakages with a low computational overhead are preferred. As a perspective, we will show that this methodology (i.e. 1. detection, 2. analysis) can also apply to perturbation attacks. Indeed, very recently, harmonic and impulse electromagnetic fault attacks have been shown to be realistic, even if the injection is far from the cryptographic resource. A case-study on this topic will be detailed, and especially how the detection first phase enables the definition of a winning attack second phase.