SECURITY TESTING
Security testing is performed to identify the security loopholes in an application and get them fixed, with the intention of protecting the application's data and information from being hacked. In security testing these loopholes are called vulnerabilities.
Software testing is categorized into two types
- Functional testing
- Non-functional testing
Security testing is non-functional testing, because we do not test the functionality of the application; we test how secure the application is. Security testing is carried out by security testers.
It helps developers detect security risks in the application, mainly during the coding stage.
The six basic principles of security testing:
- Confidentiality
- Integrity
- Authentication
- Authorization
- Availability
- Non-repudiation
Security testing techniques:
- Injection
- Broken authentication and session management
- Sensitive data exposure
- Using automated tools
- Cross site request forgery
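The first technique in the list, injection, is easiest to understand with the test a security tester actually runs. The block below is an added example, not code from the original page: it builds a constructed in-memory SQLite users table, shows a login query that pastes user input into the SQL text beside the parameterized form, and runs the same probe against both to check whether a username containing SQL syntax can bypass the password condition. The table layout, sample users and probe string are all assumptions made for the demo.

```python
import sqlite3

# Constructed sample data for the demo: a tiny in-memory users table.
SAMPLE_USERS = [("alice", "s3cret-alice"), ("bob", "s3cret-bob")]


def make_db():
    """Create the in-memory database and load the constructed sample users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def login_vulnerable(conn, username, password):
    """The 'before' form: user input is spliced into the SQL text, so it can change the query."""
    query = (
        "SELECT username FROM users WHERE username = '%s' AND password = '%s'"
        % (username, password)
    )
    return [row[0] for row in conn.execute(query)]


def login_parameterized(conn, username, password):
    """The hardened form: the driver binds the values, so input is data and never SQL."""
    query = "SELECT username FROM users WHERE username = ? AND password = ?"
    return [row[0] for row in conn.execute(query, (username, password))]


def injection_test(login):
    """Security test: a username carrying SQL syntax must not log in with a wrong password.

    Returns the list of usernames the login function accepted; an empty list
    means the password check held and the test passes.
    """
    conn = make_db()
    # '--' starts an SQL comment; if the input reaches the parser it removes
    # the password condition from the vulnerable query.
    probe_user = "alice' --"
    accepted = login(conn, probe_user, "wrong-password")
    conn.close()
    return accepted


if __name__ == "__main__":
    print("vulnerable form accepted:", injection_test(login_vulnerable))
    print("parameterized form accepted:", injection_test(login_parameterized))
```

Run as a script, the vulnerable form logs the probe in as alice while the parameterized form accepts nobody; the same `injection_test` can be pointed at any login function under test, which is the shape a repeatable security test should take.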
Focus Areas in Security Testing:
- Network Security: vulnerabilities in the network may cause issues and threats, so it must be a focus.
- System Software Security: operating systems, database systems, etc. play a crucial part in software testing and should be prioritized.
- Client-side Application Security: it helps control the security issues that may arise on the client side.
- Server-side Application Security: it controls all the possible threats or errors that may arise on the server side.
Examples of security testing of a web application:
- A strong password policy is enforced.
- Passwords are stored in encrypted form.
- Login/logout functionality.
- In banking and financial applications the browser back button should not work.
- On banking applications, credit card/debit card details, passwords, net banking, etc. must flow in encrypted format.
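The first two examples above, password policy and password storage, can be turned into concrete checks. The block below is an added example, not code from the original page: it enforces an assumed policy (12 or more characters with upper case, lower case, a digit and a symbol), stores a password as a salted one-way PBKDF2 hash rather than as reversible encryption (the usual way to satisfy the "not stored in plain text" requirement; the choice of PBKDF2-SHA256 and the iteration count are assumptions), and verifies that the stored record accepts the right password, rejects a wrong one, and does not contain the plaintext.

```python
import hashlib
import hmac
import os
import re

# Assumed password policy for this example (not from the page).
MIN_LENGTH = 12
POLICY_RULES = {
    "uppercase": re.compile(r"[A-Z]"),
    "lowercase": re.compile(r"[a-z]"),
    "digit": re.compile(r"[0-9]"),
    "symbol": re.compile(r"[^A-Za-z0-9]"),
}
PBKDF2_ITERATIONS = 200_000  # assumed work factor; tune to the deployment


def password_policy_violations(password):
    """Return the names of the policy rules the password fails; empty means it passes."""
    failures = []
    if len(password) < MIN_LENGTH:
        failures.append("length")
    for name, pattern in POLICY_RULES.items():
        if not pattern.search(password):
            failures.append(name)
    return failures


def store_password(password):
    """Build the record that would be saved: a random salt and a one-way hash, never the plaintext."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return {"salt": salt.hex(), "hash": digest.hex(), "iterations": PBKDF2_ITERATIONS}


def verify_password(record, candidate):
    """Recompute the hash with the stored salt and compare in constant time."""
    digest = hashlib.pbkdf2_hmac(
        "sha256", candidate.encode(), bytes.fromhex(record["salt"]), record["iterations"]
    )
    return hmac.compare_digest(digest.hex(), record["hash"])


def storage_test(password):
    """Security test: the stored record verifies the password but must not reveal it."""
    record = store_password(password)
    return (
        verify_password(record, password)
        and not verify_password(record, password + "x")
        and password not in record["hash"]
        and password not in record["salt"]
    )


if __name__ == "__main__":
    # Constructed sample inputs for the demo.
    for candidate in ["short", "Correct-Horse-Battery-9"]:
        print(candidate, "->", password_policy_violations(candidate) or "passes policy")
    print("storage test:", storage_test("Correct-Horse-Battery-9"))
```

`password_policy_violations` reports every failed rule at once so the tester can see which part of the policy is missing, and `storage_test` is the kind of assertion that belongs in the regression suite: if someone later replaces the hash with plaintext or a reversible scheme that leaks the password into the record, the test fails.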
Types of security testing :
- Vulnerability Scanning
- Security Scanning
- Penetration Testing
- Security Audit/Review
- Ethical Hacking
- Risk Assessment
- Posture Assessment
- Authentication
Tools
Firewalls, intrusion detection systems and network-based antivirus programs.
Paros Proxy is another useful tool for security testing, mainly used at IBM; Paros captures the interaction between the browser and the server for analysis.
Hence security testing is among the most important activities in every information technology development.