Showing posts with label What is Security Testing?. Show all posts
Showing posts with label What is Security Testing?. Show all posts

What is Security Testing?

What is Security Testing?
Security Testing is a type of software testing that intends to uncover vulnerabilities of the system and determine that its data and resources are protected from possible intruders.
FOCUS AREAS
There are four main focus areas to be considered in security testing (Especially for web sites/applications):
  • Network security: This involves looking for vulnerabilities in the network infrastructure (resources and policies).
  • System software security: This involves assessing weaknesses in the various software (operating system, database system, and other software) the application depends on.
  • Client-side application security: This deals with ensuring that the client (browser or any such tool) cannot be manipulated.
  • Server-side application security: This involves making sure that the server code and its technologies are robust enough to fend off any intrusion.
EXAMPLE OF A BASIC SECURITY TEST
This is an example of a very basic security test which anyone can perform on a web site/application:
  • Log into the web application.
  • Log out of the web application.
  • Click the BACK button of the browser (Check if you are asked to log in again or if you are provided the logged-in application.)
Most types of security testing involve complex steps and out-of-the-box thinking but, sometimes, it is simple tests like the one above that help expose the most severe security risks.
OWASP
The Open Web Application Security Project (OWASP) is a great resource for software security professionals. Be sure to check out the Testing Guide:https://www.owasp.org/index.php/Category:OWASP_Testing_Project
OWASP Top 10 security threats for 2013 are:
  • Injection
  • Broken Authentication and Session Management
  • Cross-Site Scripting (XSS)
  • Insecure Direct Object References
  • Security Misconfiguration
  • Sensitive Data Exposure
  • Missing Function Level Access Control
  • Cross-Site Request Forgery (CSRF)
  • Using Known Vulnerable Components
  • Unvalidated Redirects and Forwards
BUILDING TRUST
There is an infinite number of ways to break an application. And, security testing, by itself, is not the only (or the best) measure of how secure an application is. But, it is highly recommended that security testing is included as part of the standard software development process. After all, the world is teeming with hackers/pranksters and everyone wishes to be able to trust the system/software one produces or uses.
at No comments:
Labels:
Subscribe to: Posts (Atom)

Handling Dynamic Elements in Selenium WebDriver

                       Handling Dynamic Elements in Selenium WebDriver Dynamic elements are those elements which have identifiers that a...

  • selenium code
    Script Creation For script creation, we would be using “Learning_Selenium” project created in the previous tutorial and “gmail.com” as t...
  • Test Scenarios as a user
    Test Scenarios as a user As a user, in addition to log in to the site, change password and change user setting, a user should be able...
  • Test Scenarios as an Admin
    Test Scenarios as an Admin As an admin, in addition to log in to the site, change password and change admin user setting, an admin user...