SECURITY TESTING

Testing the authentication of an application to check how will the application is secured

from unauthorized hackers or users is called security testing. It is a type of non-functional

testing. Security testing is basically a type of software testing that’s done to check how

secure the application or the product is? It also inspects to see if the application is

vulnerable to attacks, if anyone can hack the system or try to login to the application

without any authorization. It is a procedure to establish that an information system protects

data and preserves functionality as intended. The security testing is executed to check

whether there is any information breach in the sense by encrypting the application or using

wide range of software’s and hardware’s and firewalls etc.

In todays world Security is a major concern for all businesses they would like to safeguard

their databases, systems and networks. In an age of cybercrime hackers steal sensitive or

confidential information i.e., trade secrets, contact information, financial information &

business processes etc.,, carry out virus attacks to bring the systems down. Through security

testing you would test all possible scenarios on how to secure the information of the

application in order to protect the data. Big organisations such as Google, Amazon etc.,

Companies pay millions of dollars to people who can find critical security issues.

To check the top 50 vendors for their Distinct vulnerabilities meaning security or safety

issues please click on https://www.cvedetails.com/top-50-vendors.php

Yes, it is hard to believe but Microsoft stands on top of the list so is Google, Apple, IBM etc.,

who are Market leaders and with an annual revenue in Billions. “The bigger the company

the bigger the risk”. So, Security should be considered and tested through out the project

lifecycle. As it plays such an important part.

The six basic security concepts that need to be covered by security testing are:

confidentiality, integrity, authentication, availability, authorization and non-repudiation

Network Areas: Where security testing is conducted on policies and resources.

Client-side application security: it is the act of exploiting vulnerabilities in client-side

application programs.

Server-side application security: This is done to check if the server code & its technology is

secure.

system software security: it is conducted on operating system and database system and

other software that the application depends on.

Vulnerability Scanning, Penetration Testing, Ethical Hacking, Security review/Risk

Assessment, Security Scanning & Security Auditing.

SQL Injection, Cross site scripting (XSS), Session expiry, URL Manipulation, Cross site request

for forgery (CSRF), Cookies based testing.