Home / BA / Security Testing

Security Testing

Security Testing:  Testing the authentication of an application to check how well the application is secured from unauthorized users is called security testing. Security is an important requirement for an organization as it needs to secure the information in order to protect the data from financial and other impacts i.e. ensuring that all the personal data and info is secured from any potential hackers.


Security testing is used to find the security flaws in the application, ensuring that it is difficult to hack the application and making sure that the app is well secured from external intruders are hacking the application.


Principles of Security Testing:

Confidentiality:  To check the unauthorized users are not able to access the information and to make sure that the information is protected.  The confidentiality information is carried out at all the stages.

Integrity:  To check that the information received is not done with any alteration during the transit and making sure that the correct information is presented to the user as per the user restrictions.

Authentication:  It’s a process of identifying the users of the system before accessing the system as it allows the user to access the system information only if authentication is done.  Authentication can be done in different ways apart from user name and password like asking secret questions, OTP thru SMS, etc.

Authorization:  Once the authentication pass, the authorization comes into the picture to limit the user as per the permission set for the user.

Availability: The availability of the system is to make sure that the system is available for authorized users only.  In this, there are two types of databases, first being primary database and other is secondary database.

Non-repudiation:  Tracking who is accessing the system and which of the requests were done along with additional details like IP addresses etc.


Security Testing Areas:

Network Areas:  Security test is being conducted on the policies and resources.

Client-Side Application Security:  This details ensuring that the client cannot handled.

Server-Side Application Security: This makes sure that the server code and its technology code is  secured.

Application Software Security:  Security testing will be conducting on operating system, database system and other software that the application depends on.


Why we do security testing:

  • To avoid loss of customer trust
  • For security web application from hackers
  • The attackers can cause destruction and corruption to the data which may affect the popularity and productivity of your product.
  • To avoid website downtime, time loss and reduce the cost of recovering from damage.
  • Reduces the revenue
  • High cost in fixing the application for the future attacks
  • Legal issues and lawsuits for breach of trust


Types of security testing:

  • Vulnerability testing
  • Penetration testing
  • Ethical hacking
  • Risk assessment
  • Security scanning
  • Security review


Examples of security testing:

  • Strong password policy is taken care
  • Password is stored in encrypted form
  • Login/logout functionality
  • For financial and banking application, the browser back button should not work
  • In banking applications, credit card/debit card, password, etc. should flow in encrypted format


Techniques of security testing:

  • SQL injection
  • Cross site scripting (XSS)
  • Session expiry
  • URL manipulation
  • Cross site request for forgery (CSRF)
  • Cookies based testing


Who will perform this test?

  • Security testers
  • Security specialists
  • Network specialists

About N M Kalesha Vali

Check Also

What is BRD? How is it different from SRS?

BRD stands for Business Requirements Document, whereas SRS stands for Software Requirements Specification. Both documents …

Leave a Reply

Watch Dragon ball super