Testing the authentication of an application to check how well the application is secured
from unauthorized hackers or users is called security testing. It is a type of non-functional
testing. Security testing is basically a type of software testing that is done to check how
secure the application or the product is. It also inspects whether the application is
vulnerable to attacks, and whether anyone can hack the system or try to log in to the application
without any authorization. It is a procedure to establish that an information system protects
data and preserves functionality as intended. Security testing is executed to check
whether any information can be breached despite the protections in place, such as encrypting
the application or using a wide range of software and hardware controls, firewalls, etc.
Why do we do security testing:
In today's world, security is a major concern for all businesses: they would like to safeguard
their databases, systems and networks. In an age of cybercrime, hackers steal sensitive or
confidential information, i.e., trade secrets, contact information, financial information,
business processes, etc., and carry out virus attacks to bring systems down. Through security
testing you test all possible scenarios on how to secure the information of the
application in order to protect the data. Big organisations such as Google, Amazon, etc.
pay millions of dollars to people who can find critical security issues.
To check the top 50 vendors by their distinct vulnerabilities (meaning security or safety
issues), see https://www.cvedetails.com/top-50-vendors.php
Yes, it is hard to believe, but Microsoft stands on top of the list, as do Google, Apple, IBM, etc.,
who are market leaders with annual revenue in the billions. "The bigger the company,
the bigger the risk". So security should be considered and tested throughout the project
lifecycle, as it plays such an important part.
The six basic security concepts that need to be covered by security testing are:
confidentiality, integrity, authentication, availability, authorization and non-repudiation.
Security Testing Areas:
Network areas: where security testing is conducted on network policies and resources.
Client-side application security: it is the act of exploiting vulnerabilities in client-side
Server-side application security: this is done to check if the server code and its technology is
System software security: it is conducted on the operating system, the database system and
other software that the application depends on.
Types of Security Testing:
Vulnerability Scanning, Penetration Testing, Ethical Hacking, Security review/Risk
Assessment, Security Scanning & Security Auditing.
Techniques of Security Testing:
SQL injection, cross-site scripting (XSS), session expiry, URL manipulation, cross-site request
forgery (CSRF) and cookie-based testing.