Quality Testing

Quality is delighting customers

Security Testing with Examples: how can we perform security testing for a web application?


Replies to This Discussion

Security Testing: (The) Process to determine that an IS (Information System) protects data and maintains functionality as intended.

The six basic security concepts that need to be covered by security testing are: confidentiality, integrity, authentication, authorisation, availability and non-repudiation.

Confidentiality:
A security measure which protects against the disclosure of information to parties other than the intended recipient that is by no means the only way of ensuring.

Integrity:
A measure intended to allow the receiver to determine that the information which it receives has not been altered in transit or by other than the originator of the information.

Integrity schemes often use some of the same underlying technologies as confidentiality schemes, but they usually involve adding additional information to a communication to form the basis of an algorithmic check rather than encoding all of the communication.

Authentication:
A measure designed to establish the validity of a transmission, message, or originator.
Allows a receiver to have confidence that information it receives originated from a specific known source.

Authorization:
The process of determining that a requester is allowed to receive a service or perform an operation.
Access control is an example of authorization.

Availability:
Assuring information and communications services will be ready for use when expected.
Information must be kept available to authorized persons when they need it.

Non-repudiation:
A measure intended to prevent the later denial that an action happened, or a communication that took place etc.

In communication terms this often involves the interchange of authentication information combined with some form of provable time stamp.
Security Testing mainly deals with Authorization and authentication.

Authentication: Users need to have user accounts to enter into applications

Authorization: Users must have permissions to view the pages

Hello buddy,

A mobile program is vulnerable to a security threat precisely as with any other program. With the development of a large number of programs that require sharing and storing sensitive information such as bank and credit card information, health-related data, and personal ID's to make trades.

This has made web application security testing for cellular programs more critical. It's imperative to identify the danger and figure out how to protect your cellular app against it. Assessing a test without knowledge about safety is near impossible.

Most of the mobile programs developed today make use of third-party codes and libraries. The third-party support is generally related to a form of security hazard to which an app is vulnerable. Even though the program developer might be aware of these threats, the open source elements of the app can ruin the performance. It can also sink the program in the industry even before they emerge.

Security Test Modification

Gartner has stated that the static program security testing (SAST) and lively application security testing (DAST) vendors are required to modify their test for mobile applications due to the enhanced degree of technological evolution in app development. Security testing evolves to the next level with the debut of behavioural analysis testing to monitor the GUI and background apps to detect risky behaviour.

Enterprise apps and the servers connected to cellular devices are continuously tested and secured. Many programs can be found in the program market, so the obligation of safety also rests on customers and partnerships.

Regards

application security testing

As per practices of software testing services, Security Testing is a type of testing where one can perform testing by keeping in mind the threats and risks which can destroy the functionality and important data of the system.

Following are some of the techniques which need to be followed while performing security testing:
1. Access to Application:
Under this technique, one can log in to the application with all valid and invalid user roles and should verify that access is restricted with invalid logins.

2. Data Protection:
To follow this technique, the tester should make sure that data maintained in the database is in encrypted form so that it gets decrypted only on providing valid authcodes or a password for it.

3. Brute-Force Attack:
A brute-force attack can be prevented by providing an account suspension mechanism in which the application blocks the account when continuous failed attempts are made to log in to the application.

4. Session Management:
Session management is also a necessary technique in security testing, where the session expires after some period of time if the application remains idle.

5. Error Handling:
Error codes returned in case of any bad request or server error type issues should not contain any confidential details related to the application which can be used by any unknown sources.


Types of security testing:
1. Vulnerability scanning: Under this testing, the complete application is scanned for loopholes and vulnerabilities.
2. Penetration testing: Under penetration testing, the tester needs to test the application by thinking from a hacker's mind.
3. Ethical hacking: Under ethical hacking, the system is hacked by itself to obtain loopholes in the system; the purpose of ethical hacking is to improve the security of the network or systems by fixing the loopholes found during testing.
4. Risk assessment: Risks are measured in terms of security and then those risks are divided on the basis of High, Medium and Low.
5. Security scanning: Security testing is performed basically to identify the network loopholes and then analyse those network weaknesses and resolve them.
6. Security review: A security review includes whether all the security standards are implemented accurately and consistently throughout the application, which covers all the security gaps of the application.


Following are some of the Tools which are widely used in Security Testing:
1. Zed Attack Proxy: Zed Attack Proxy is one of the best and easiest-to-use tools for penetration security testing, for finding loopholes and vulnerabilities in web applications.
Compatibility: Windows, Linux, Mac OS
2. BeEF: BeEF is also a powerful tool that focuses on the web browser for security-related issues.
Compatibility: Linux, Apple Mac OS X and Microsoft Windows
3. Wireshark: Wireshark is used for network-related issues and troubleshooting them.
Compatibility: Unix, Linux, and Windows
4. Oedipus: Oedipus is used to test web sites for application and web server vulnerabilities.
Compatibility: It is OS independent
5. Nmap: Nmap is used for network mapping and port scanning to get the vulnerabilities in a network.
Compatibility: Linux, Windows, and Mac OS X
6. Nikto: Nikto is a kind of web scanner which scans web servers for dangerous/outdated server software and other server-related issues.
Compatibility: Windows/UNIX
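
The login, brute-force and session-management checks listed in the reply above can be automated. The following is an added example, not part of the original reply and not taken from any of the tools it names. `AuthService` is a constructed stand-in for the application under test, and the 3-failure lockout threshold and 900-second idle limit are assumed values.

```python
import hashlib, hmac, os

MAX_FAILURES, IDLE_TIMEOUT = 3, 900  # assumed lockout threshold; idle limit (s)

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class AuthService:  # constructed stand-in for the application under test
    def __init__(self, clock):
        self.clock = clock  # injectable, so a test can fast-forward time
        self.users, self.failures, self.sessions = {}, {}, {}

    def add_user(self, name, password):
        salt = os.urandom(16)
        self.users[name] = (salt, _hash(password, salt))

    def login(self, name, password):
        if self.failures.get(name, 0) >= MAX_FAILURES:
            return None  # locked: even the correct password is refused
        salt, stored = self.users.get(name, (b"", b""))
        if stored and hmac.compare_digest(stored, _hash(password, salt)):
            self.failures[name] = 0
            token = os.urandom(16).hex()
            self.sessions[token] = self.clock()
            return token
        self.failures[name] = self.failures.get(name, 0) + 1
        return None  # same answer for unknown user and wrong password

    def session_valid(self, token):
        last = self.sessions.get(token)
        if last is None or self.clock() - last > IDLE_TIMEOUT:
            self.sessions.pop(token, None)  # expired sessions are destroyed
            return False
        self.sessions[token] = self.clock()  # activity resets the idle timer
        return True

def run_checks():
    now = [0]  # fake clock, advanced by the test instead of sleeping
    svc = AuthService(clock=lambda: now[0])
    svc.add_user("alice", "correct horse")
    token = svc.login("alice", "correct horse")
    now[0] += IDLE_TIMEOUT - 1
    results = {"active_session_kept": svc.session_valid(token)}
    now[0] += IDLE_TIMEOUT + 1
    results["idle_session_expired"] = not svc.session_valid(token)
    for _ in range(MAX_FAILURES):
        results["invalid_rejected"] = svc.login("alice", "wrong") is None
    results["locked_after_failures"] = svc.login("alice", "correct horse") is None
    return results
```

Each entry returned by `run_checks()` is `True` when the control behaves as the technique requires; against a real application the same assertions would be made over HTTP requests instead of direct method calls.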

There are many great replies here that sufficiently answer your question, but from my side, I want to add that if you need quality security testing of your app, it's better to apply to a professional software testing company that offers such services. Specialized companies always provide highly skilled testing specialists, so you can be sure that your app will be perfect and will meet all security standards.


© 2018 Created by Quality Testing.