Quality Testing

Quality is delighting customers

What are the important steps that need to cover in security testing?

What are the important steps that need to cover in security testing? Could you answer my question?

Thanks in advance

Regards,
Anu

Views: 270

Reply to This

Replies to This Discussion

Security Testing:A Testing type performed just to chk how robust n Reliable software we r going to deliver to our customer..

Security Testing compromise of Many Things...AS

1.Authentication
2.Authorization

Authentication :It means weather the user is authenticated to use this application or not.Means he must have User Id n Password.

Authorization:How much flexibility a user is assigned if he is authenticated for a particular Application.

As if u perform Testing for security purpose ..take a banking website for an example..

U must have to Test all thsese Steps..

1.He must have a valid user id n password.

2.Maximum hit of wrong user name or password shud block d access to that user for particular User name..

3.Session must expire if left for a particular time frame.

4.Copy n paste URL of d Account must redirect to home page of d website.

5.Transaction shud not be done if balance is below a particular Transferring Amnt.

n Many more..Bt all these are to be done for security Testing..

can ask or comment if u disagree..

Regards
Ravi
Great details provided Ravi.

What may be the possible generic scenarios while testing Window Based application for Security Testing?
Any difference while testing windows based application for security testing as compare to Web Application?
Agree with Ravi
Security of any product or web application is dealing with three terms:

CIA(Confidentiality,Integrity,Availaibility)
C- Data should not be observed by unauthorized person.
I- Data should not be modified by unauthorized person.
A- Data should be availaible to the right person to the right time to the right place.

As per said by Ravi Authentication and Authorization are also important aspect of security.

As a software tester you must concentrate on this issue first because customers information is great asset.

If you are working on the web application you should concentrate two more security threats
1. sql injection- Insertion of the sql query into the web application which can directly interact with thw backend database on server to reveal information stored in it.
2. cross site scripting- Insertion of the scripting code into client browser.so when client send data to server database, scripting code on client side get stored into the server database.when new user request for data from that database,new client would affect with that attached script performing unsecure operations with client browser like theft of user private data,functionality modified by script and many more.
  1. Do you include security requirements other than "authentication" in your Initial Requirements spec?
  2. During interviews, do your developers answers questions on security like "Protection against SQL Injection or CSRF"?
  3. Do you do hybrid security testing?
  4. Do you do security code reviews, at least once a year?
  5. Apart from Use-cases, do you create "Abuse cases"?
  6. Do you subscribe to security feeds from your application platform(s)?
  7. Do you do a security check for each release?
  8. Are your devs and architects trained on application security?
  9. Do you maintain a Secure Coding Standard for your Developers?
  10. Does your management understand/appreciate the impact of an application security breach?

RSS

TTWT Magazine


Advertisement

Advertisement

Advertisement

Advertisement

¬© 2020   Created by Quality Testing.   Powered by

Badges  |  Report an Issue  |  Terms of Service