Quality Testing

What do you mean by security testing?

Security Testing is a part of Software Testing which guarantees that the various systems and applications in a company are free from any loose ends that may bring about a major penetration. Security testing of any system is about discovering every single loophole, proviso and shortcoming of the system which may result in lost data because of the employees or outsiders of the organization.

The major objective of security testing is to extract the threats in the system and measure its likely vulnerabilities. It additionally helps in recognizing all conceivable security breaches in the system and helps the development team in settling these issues through coding.

Illustrative checkpoints for Security Testing:

Here are a few illustrative scenarios to give you a fair bit of an idea about the security test cases.

  • Verify session and cookie time for the application.

  • For finance related sites, the browser back button ought not to work.

  • Password ought to be encrypted.

  • System or application ought not permit invalid users.

Security Testing types:

Security testing is divided into seven major types. They happen to be as follows:

– Vulnerability scanning

– Security scanning

– Penetration testing

– Risk Assessment

– Security Auditing

– Posture Assessment and

– Ethical hacking

  • Vulnerability Scanning: This is carried out through automation to filter software against existing vulnerability signatures.

  • Security Scanning: It includes finding system and network related vulnerabilities, and later giving solutions for decreasing these risks. This checking can be performed by both manual and automated testing.

  • Penetration testing: This type of testing reenacts an attack from a malevolent hacker. This testing includes investigation of a specific system to check for potential vulnerabilities to an outer hacking endeavor.

  • Risk Assessment: This type of testing includes investigation of security risks seen in the organization. Risks are assigned as Low, Medium and High based on their priority. This testing prescribes controls and measures to lessen the risk.

  • Security Auditing: This is an internal review of Applications and Operating systems for security blemishes. Review or an audit should likewise be possible by means of line by line examination of the code.

  • Ethical hacking: It’s hacking an organization’s software systems. Not at all like malicious hackers, who penetrate a system for their own gains, the plan is to uncover security imperfections in the system.

  • Posture Assessment: This consolidates Security scanning, Ethical Hacking and Risk Assessments to demonstrate a general security stance of an organization.

Security testing methodologies:

In security testing, diverse methodologies are in practice, and they are as below:

Tiger Box: This hacking is typically done on a laptop which has an accumulation of OSs and hacking tools. This testing assists penetration testers and security testers to perform vulnerability assessment and attacks.

Black Box: The tester is approved to do testing on everything related to the network topology and the innovation.

Grey Box: Partial data is given to the tester about the system, and it is a blend of the white and black box models.


Replies to This Discussion


Check the software testing tutorial guide for all beginners: https://www.janbasktraining.com/blog/software-testing-tutorial/

Security testing is a discipline of testing and analyzing applications for security vulnerabilities. It’s a hugely important phase in the application lifecycle no matter if you are building new applications or updating existing ones.

It’s also of the utmost importance to carry out application security testing, and if you don’t, there will be consequences for the business.

How to face the threats

There are many sorts of vulnerabilities, just as there are many sorts of threats. So the question arises: “How to respond to these threats?”

Because of this variety of threats, it is important to monitor latest trends and methods used by the attackers.

Security tests show that more than a half of all exploits for web applications are actually related to cross-site scripting and SQL injection vulnerabilities.

IT departments from all over the world are under a lot of pressure from their businesses to deliver new applications and services. Therefore, it isn’t rare that security is delivered just as an afterthought at the end of the project.

Because of that, where there is a larger range of security issues, it is important to integrate a security framework.


As per the practices of a software testing services company, Security Testing is a type of testing where one performs testing by keeping in mind the threats and risks which can destroy the functionality and important data of the system/application.

Following are some of the approaches which can be followed while performing security testing:
1. Access to Application:
Under this approach, one logs in to the application with all valid and invalid user roles and verifies that access is restricted for invalid logins.

2. Data Protection:
To follow this approach, the tester should make sure that data maintained in the database is in encrypted form so that it gets decrypted only on providing a valid auth code or password for it.

3. Brute-Force Attack:
A Brute-Force Attack is something where hackers can easily access the website or servers by trying different combinations of usernames and passwords. Testers can approach its testing by providing an account suspension mechanism in which the application blocks the account when continuous failed attempts are made to log in to the application.

4. Session Management:
Session management is also a necessary technique in security testing, where the session should expire after some period of time if the application remains idle.

5. Error Handling:
Error codes returned in case of any bad request or server error type issues should not contain any confidential details related to the application which can be used by any unknown sources. For example, if an application is throwing an error while logging in, there should be no confidential details of the user or website displayed either in the console or in any other add-on/plugin which is being used to track that error, as these can be used by any unknown third party.


Types of security testing:
1. Vulnerability scanning: Under this testing, the complete application is checked for loopholes and vulnerabilities.
2. Penetration testing: Under penetration testing, the tester needs to test the application by thinking from a hacker's mind.
3. Ethical hacking: Under ethical hacking, the system is hacked by its owners to find loopholes in the system; the purpose of ethical hacking is to improve the security of the network or systems by fixing the loopholes found during testing.
4. Risk assessment: Risks are measured in terms of security and then those risks are divided on the basis of High, Medium and Low.
5. Security scanning: Security scanning is performed basically to identify the network loopholes, then analyze those network weaknesses and resolve them.
6. Security review: A security review includes checking whether all the security standards are implemented accurately and consistently throughout the application, which covers all the security gaps of the application.


Following are some of the tools which are widely used in Security Testing:
1. Zed Attack Proxy: Zed Attack Proxy is one of the best and easiest to use tools for penetration security testing, for finding loopholes and vulnerabilities in web applications.
Compatibility: Windows, Linux, Mac OS
2. BeEF: BeEF is also a powerful tool that focuses on the web browser for security related issues.
Compatibility: Linux, Apple Mac OS X and Microsoft Windows
3. Wireshark: Wireshark is used for network related issues and troubleshooting them.
Compatibility: Unix, Linux, and Windows
4. Oedipus: Oedipus is used to test web sites for application and web server vulnerabilities.
Compatibility: It is OS Independent
5. Nmap: Nmap is used for network mapping and port scanning to find the vulnerabilities in a network.
Compatibility: Linux, Windows, and Mac OS X
6. Nikto: Nikto is a kind of web scanner which scans web servers for dangerous/outdated server software and other server related issues.
Compatibility: Windows/UNIX
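The checkpoints above (account suspension after continuous failed logins, idle session expiry, and error responses that leak no detail) and the original post's "session and cookie time" and "invalid users" checks can be exercised against a small login service. The following is an added example, not code from any of the posts; the lockout threshold, idle timeout and the `AuthService` class are constructed for illustration.

```python
import hashlib
import hmac
import os
import time

MAX_FAILED_ATTEMPTS = 5       # assumption: suspend after 5 consecutive failures
IDLE_TIMEOUT_SECONDS = 900    # assumption: 15 minutes idle ends the session
GENERIC_LOGIN_ERROR = "Invalid username or password"   # same text on every failure


def _hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class AuthService:
    """Constructed demo service: lockout, idle expiry and non-leaking errors."""

    def __init__(self, clock=time.time):
        self.clock = clock        # injectable so a test can advance time
        self.accounts = {}        # username -> {"salt", "hash", "failures", "locked"}
        self.sessions = {}        # token -> {"user", "last_seen"}

    def register(self, username, password):
        salt = os.urandom(16)
        self.accounts[username] = {"salt": salt, "hash": _hash_password(password, salt),
                                   "failures": 0, "locked": False}

    def login(self, username, password):
        """Return (session_token, error). Every failure path gives the same message."""
        acct = self.accounts.get(username)
        if acct is None:
            _hash_password(password, b"\x00" * 16)  # keep timing similar for unknown users
            return None, GENERIC_LOGIN_ERROR
        if acct["locked"]:                           # suspended: even the right password fails
            return None, GENERIC_LOGIN_ERROR
        if not hmac.compare_digest(acct["hash"], _hash_password(password, acct["salt"])):
            acct["failures"] += 1
            if acct["failures"] >= MAX_FAILED_ATTEMPTS:
                acct["locked"] = True                # account suspension mechanism
            return None, GENERIC_LOGIN_ERROR
        acct["failures"] = 0                         # success resets the counter
        token = os.urandom(32).hex()
        self.sessions[token] = {"user": username, "last_seen": self.clock()}
        return token, None

    def current_user(self, token):
        """Return the user for a live session, or None once it has idled out."""
        sess = self.sessions.get(token)
        if sess is None:
            return None
        if self.clock() - sess["last_seen"] > IDLE_TIMEOUT_SECONDS:
            del self.sessions[token]                 # expired: force re-authentication
            return None
        sess["last_seen"] = self.clock()             # activity extends the session
        return sess["user"]
```

A security test case for each checkpoint then asserts that a wrong password, an unknown user and a locked account all return the identical message, and that a token stops resolving once the idle window has passed.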
