Security testing is an activity intended to bring out flaws in the security mechanisms of a
data system, the mechanisms that protect its data and keep it functioning as intended.
Security testing is a type of software testing that aims to uncover the vulnerabilities of a
system and to determine whether its information and resources are protected from possible
intruders.
Security testing is a huge subject. Every technology you use, whether a programming
language like PHP or .NET or a feature like authentication or input validation,
introduces a new set of security exposures.
What should come to mind when thinking about security?
- Authentication: the source of the application and of its data is genuine.
- Authorization: a given user should only be able to reach the functions they are authorized for.
- Confidentiality: data and information are protected from theft.
- Integrity: the application and its data are not altered over time or during transmission.
- Non-repudiation: the sender and the receiver of data cannot deny having sent or received the information.
Focus Areas for Security: there are four main focus areas to be included in security testing:
- Network security: looking for vulnerabilities in the network infrastructure (resources and policies).
- System software security: assessing weaknesses in the software the application depends on (operating system, database system and other software).
- Client-side application security: ensuring that the client (the browser or any similar tool) cannot be manipulated.
- Server-side application security: making sure that the server code and its technologies are robust enough to fend off any intrusion.
This is an example of a very basic security test that can be performed on a web site or
application:
1. Log in to the web application.
2. Log out of the web application.
3. Click the browser's Back button (check whether you are asked to log in again, or whether
you are let back into the logged-in part of the application).
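The three steps above boil down to one question: after logout, does the server still honour the old session id that the browser may still resend? The following is an added example, not code from the original article; it models a constructed in-memory login layer (`SessionApp`, with a made-up user and password) and runs the login, logout, replay check against a weak and a fixed variant of it.

```python
import secrets
from typing import Dict, Optional


class SessionApp:
    """Constructed stand-in for a web app's login/session layer (not a real framework).

    invalidate_on_logout=False models the common bug: logout clears the browser
    cookie but the server keeps trusting the old session id.
    """

    def __init__(self, invalidate_on_logout: bool) -> None:
        self.invalidate_on_logout = invalidate_on_logout
        self.sessions: Dict[str, str] = {}        # session id -> username
        self.users = {"alice": "correct-horse"}   # constructed test credential

    def login(self, user: str, password: str) -> Optional[str]:
        """Return a fresh session id (what Set-Cookie would carry) or None on failure."""
        if self.users.get(user) != password:
            return None
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = user
        return sid

    def logout(self, sid: str) -> None:
        # Hardened behaviour destroys the server-side session; the weak variant
        # only relies on the browser discarding its cookie.
        if self.invalidate_on_logout:
            self.sessions.pop(sid, None)

    def protected_page(self, sid: str) -> int:
        """HTTP status for a request to a logged-in page with this cookie: 200, or 302 to login."""
        return 200 if sid in self.sessions else 302


def logout_invalidates_session(app: SessionApp, user: str, password: str) -> bool:
    """Steps 1-3 of the basic test: log in, log out, then replay the old cookie.

    The Back button resends a cached request with whatever cookie the browser still
    holds, so the real check is whether the server still accepts that session id.
    Returns True when the app passes (old id rejected after logout), False otherwise.
    """
    sid = app.login(user, password)
    if sid is None or app.protected_page(sid) != 200:
        raise RuntimeError("login failed; cannot run the logout check")
    app.logout(sid)
    return app.protected_page(sid) != 200


if __name__ == "__main__":
    for label, flag in (("weak", False), ("fixed", True)):
        result = logout_invalidates_session(SessionApp(flag), "alice", "correct-horse")
        print(f"{label} app passes the logout check: {result}")
```

Against a real application the same logic is driven over HTTP: capture the session cookie on login, call the logout endpoint, then request a logged-in page with the captured cookie and expect a redirect to the login page rather than a 200.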
OWASP
The Open Web Application Security Project (OWASP) is a great resource for software
security professionals. Be sure to check out its “Testing Guide”.
The OWASP Top 10 security threats are:
- Injection
- Broken Authentication and Session Management
- Cross-Site Scripting (XSS)
- Insecure Direct Object References
- Security Misconfiguration
- Sensitive Data Exposure
- Missing Function Level Access Control
- Cross-Site Request Forgery (CSRF)
- Using Components with Known Vulnerabilities
- Unvalidated Redirects and Forwards
Use of Automated Security Scanner Tools
Trying the above attacks and checking that secure application development best
practices have been followed is a large part of testing whether an application is
protected. But one should not depend entirely on testing them manually: it is a
fast-paced world with many time constraints. There are many tools on the market that
can check for each of these security exposures in one go. The Netsparker community
edition can be downloaded free of charge. There are also online testing tools, but I
have not tried them to see whether they are better than Netsparker.