Security Testing Basics

Security testing is an activity intended to reveal flaws in the security mechanisms of an information system that protect data and maintain functionality as intended. It is a type of software testing that aims to uncover vulnerabilities of the system and determine that its information and resources are protected from possible intruders.
Security testing is a huge subject. Every technology that you use, whether it is a programming language like PHP or .NET or a feature like authentication or input validation, introduces a new set of security exposures.
What should you keep in mind where security is concerned?
  • Authentication: The origin of the application and its data is genuine.
  • Authorization: Users can only access the functions they are authorized for.
  • Confidentiality: Data and information are protected from theft.
  • Integrity: The application and its data are not altered over the course of time or during transmission.
  • Non-repudiation: The sender and receiver of data cannot deny having sent and received the information.

Focus areas for security: there are four main focus areas to be included in security testing:
  • Network security: This involves looking for exposures in the network infrastructure (resources and policies).
  • System software security: This involves assessing weaknesses in the software the application depends on (operating system, database system, and other software).
  • Client-side application security: This deals with ensuring that the client (browser or any such tool) cannot be manipulated.
  • Server-side application security: This involves making sure that the server code and its technologies are robust enough to fend off any intrusion.

EXAMPLE OF A BASIC SECURITY TEST
This is an example of a very basic security test that one can perform on a web site or application:
1. Log in to the web application.
2. Log out of the web application.
3. Click the Back button of the browser (check whether you are asked to log in again or whether you are let back into the logged-in application).
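
The check behind this test can be automated. The following Python sketch is an added example, not code from the original post: `App` is a constructed toy application and `logout_test` a hypothetical helper. It runs the login, logout and revisit steps and reports whether the protected page is cacheable and whether the old session id still works.

```python
import secrets

class App:
    """Constructed toy web app; the two flags switch between weak and correct behaviour."""
    def __init__(self, invalidate_on_logout, no_store):
        self.sessions = {}                      # session id -> username (server-side state)
        self.invalidate = invalidate_on_logout
        self.no_store = no_store

    def request(self, path, cookie=None):
        """Return (status, headers, body) for a path and an optional session cookie."""
        if path == "/login":
            sid = secrets.token_hex(16)
            self.sessions[sid] = "alice"
            return 200, {"Set-Cookie": sid}, "welcome"
        if path == "/logout":
            if self.invalidate:
                self.sessions.pop(cookie, None)     # destroy the server-side session
            return 200, {"Set-Cookie": ""}, "bye"   # the browser cookie is cleared either way
        if path == "/account":
            if cookie not in self.sessions:
                return 302, {"Location": "/login"}, ""
            headers = {"Cache-Control": "no-store"} if self.no_store else {}
            return 200, headers, "account of " + self.sessions[cookie]
        return 404, {}, ""

def logout_test(app):
    """Run login -> visit page -> logout -> revisit, and return a list of findings."""
    findings = []
    _, headers, _ = app.request("/login")
    sid = headers["Set-Cookie"]
    status, headers, _ = app.request("/account", cookie=sid)
    assert status == 200, "login did not produce a working session"
    if headers.get("Cache-Control") != "no-store":
        findings.append("protected page is cacheable: Back may show it after logout")
    app.request("/logout", cookie=sid)
    # Revisit with the pre-logout session id, as a browser that kept the old cookie would.
    status, _, _ = app.request("/account", cookie=sid)
    if status == 200:
        findings.append("session still valid after logout")
    return findings

if __name__ == "__main__":
    print(logout_test(App(invalidate_on_logout=False, no_store=False)))
    print(logout_test(App(invalidate_on_logout=True, no_store=True)))
```
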




OWASP

The “Open Web Application Security Project” (OWASP) is a great resource for software security professionals. Be sure to check out the “Testing Guide”.
The OWASP Top 10 security threats are:
  1. Injection
  2. Broken Authentication & Session Management
  3. Cross Site Scripting (XSS)
  4. Insecure Direct Object References
  5. Security Misconfiguration
  6. Sensitive Data Exposure
  7. Missing Function Level Access Control
  8. Cross Site Request Forgery (CSRF)
  9. Using Components with Known Vulnerabilities
  10. Unvalidated Redirects & Forwards

Use of Automated Security Scanner Tools
Testing for the above attacks and checking that secure application development best practices have been followed is a large part of testing whether an application is protected or not. But one should not depend completely on testing them manually. It is a fast-paced world with a lot of time constraints. There are many tools on the market that can easily check for each of these security exposures in one go. The Netsparker community version demo can be downloaded for free. There are also online testing tools, but I have not tried whether those are better than Netsparker.

Comments

  1. Hi
    Thanks for your post,

    This is a good idea, even I wasn't aware of these things. Thanks for giving basic information about testing. I hope this will be beneficial for my web too

    Thanks
    Invoicing Software
