Security Testing Basic

Security testing is an activity intended to bring out of flaws in the security mechanisms of a data system that protect data & maintain functionality as thought. Security Testing is a type of software testing that means to uncover exposures of the system & determine that its information and resources are saved from possible interlopers.

Security testing is a huge subject. Each and every technology that you use; whether it is programming words like PHP & .NET and a feature like authentication & input validation; introduces a new set of security exposures. 

What really should come in mind piece concerned about security?

•  Authentication: The source of the application & its data is real.
•  Authorization: Particular users should only get enter in to authorized functions.
• Confidentiality: Data and information is protected from theft.
• Integrity: The application & its data are not altered in course of time during transmittal.
•  Non repudiation: Guaranteed that sender & receiver of data cannot deny having sent and received the information.
• Focus Ares for Security:There are the four main focus areas to be included in security testing:
• Network security: It’s involves looking for exposures in the network infrastructure (resources & policies).
•  System software security: It’s involves assessing failing in the some software (operating system, & other software, database system).
• Client-side application security: It deals with insuring that the client (browser and any such tool) can’t be manipulated.
•  Server-side application security: It is involves making sure that the server code & its technologies are robust sufficient to fend off any invasion.

EXAMPLE OF A BASIC SECURITY TEST

This is the example of a very basic security test which one can perform on a web site or application:

1.       Login of the web application.

2.       Log out to the web application.

3.       Click on the button of the browser (Check if you are asked to login again and if you are allowed for the logged in application.)

OWASP

The meaning of “Open Web Application Security Project” (OWASP) is a greater resource for software security masters. Be ensuring to check out the “Testing Guide”:

WASP Top 10 security threats are:

1.  Injecting injection
2. Broken Authentication & Session Management
3. Cross Site Scripting (XSS)
4.  Unsafe Direct Target References
5. Security in Misconfiguration
6.  Sensitive Information Exposure
7.  Escaping Function Level Access Control
8. Cross Site Request Forgery (CSRF)
9.  Using Known exposure Elements
10.  Invalidated Redirects & Forwards

Use of Automated Security Scanner Tools

Using the over the attacks & checking that security application development best exercises have been followed is a large part of testing whether an application is protected or not. But one should not completely depend on manually testing them. It is a fast stepped world with a lot of time restraint. There are many tools in the market that can easily to check for each the security exposure in a go. The Nets parker community version demo can be downloaded free. Also there is online testing creature (tools); but I have not tried whatever those were better than the Nets parker.

Why testing required for Adult Website, Pornography Website or Application

Why testing required for Adult Website, Pornography website or Application

A site's often are showing and selling sexual products or services is called Adult Website, Pornography website or Application.

Why Testing required for Adult Website, Pornography website or Application

According to my observation, in the current scenario adult website is similar to the e-Commerce website has High Volume, High resolutions and Customer money because they are selling adult content to the customer. In this transection money is involve and most of the transaction is happen by online though credit card or online transaction.

Adult website is access by the large number concurrent users. The bandwidth usage of a pornography site is relatively high,

Adult websites are mainly selling the picture or video. Quality of videos are high resolution and large in size. This content should display properly in all the browser and platform.

In all resolution and browser setting, it should be display properly. All content should be load in into the browser in small time. The performance of the website should be good enough; they load the content in any network bandwidth or net speed

The content of the website need to more secure because these website are selling their content if these content are easy access able by the end user won’t pay.

There are many type of Adult Website, Pornography website or Application available into the marker.

1  .   Adult website with video content

2  .   Adult website with picture

3  .   Dating site

4  .   Adult story website or Sex stories website

5  .   Adult content sharing website

6  .   Adult Game Website

7  .   Adult e-Commerce website

8.   Adult Android and iPhone app

Growth of Adult Website, Pornography website or Application

The Internet filtering out company N2H2 says the no. of commercial adult sites on the internet has risen through 1800% above the last five years.

The company told in a media released in July alone; it described web sites comprising over twenty-eight million pages for its filtering the database. It said, it had now described over 260 million pages classified as the adult.

Company said its database contained fourteen million pages identified as adult in 1998; hence the development to 260 million symbolized an almost twenty fold increased in 5 years.

Statistics made from search engine “Google” supports the notion that an adult is permeative on the online. For example; a search Google on the word “porn”returned over eighty million pages, or "xxx" returned more over seventy-six million; it told.

Type of Testing required in Adult Website, Pornography website or Application

1   .   Functional Testing- Functional testing assures that the app is working as per the needs. Through function testing, we can test functionality and flow of the website.

2 .  Compatibility Testing: In the compatibility testing, we will test the application into the different browser or platform available into the market. Though compatibility testing we can check the look and feel of website in different browser and platform. It should be same for all browser or platform

3 .   Load Testing: Load testing is used for performance of the website. It shows how many used load can sustain the website into peak time.

4 .   Security Testing: This Testing confirms that the program can restrict access to unauthorized personnel and that the authorized personnel can access the functions available to their permission level.

iPhone,iPad,Tablet and Mobile Application Testing

Mobile Application Testing

In the present era mobile is widely used in the word. Mobile is the necessary part of daily life in the present scenario. We can’t think our life without mobile.

If you have any business, or you want to the take your business to the common customer, mobile is the bay way to reach door step to the most of the customer.

If, you are building the mobile application or mobile compatible website then application should work perfectly .There are many platform and browser available in the market. Your website or application should be working perfectly for all browser or platform. If it is not working in any specific browser or platform, you may lose thousand of potential customer.

Type of Mobile Devices

   1)   iPhone

   2)   iPad

   3)   Android

   4)   Tablet

   5)   iPod

There are many type of mobile application available in market that needs testing

1 Mobile social networking App

2 M-Commerce app

3 Mobile hardware related app like Camera App, Mobile Theme App

4 Mobile Games

5 Mobile Website

6 Mobile Native app

Why Testing required for mobile app:

Now a day’s mobile is a multi tasking device. At a time we are doing lots of work in the mobile like: when we are surfing net ,In between we get a call and SMS.

At present smart phone does not have enough ram for handling the entire thing at same time due to which your mobile may hang or your application may crash. The crash of the application is pathetic for the end user. As a result user will not be interested in using your application or website.

To prevent such situation, Testing is necessary part of any application either mobile desktop or website.

In the mobile so many things needs to resolve before releasing the App or website.

Now a day’s mobile application is not a small development task. Proper testing is necessary and app should be passing from different type of testing.

Type of Testing for mobile Application

1 Functional Testing- Functional testing ensures that the application is working as per the requirements. Most of the test conducted for this is driven by the user interface and call flows. Its application should be able to handle these interruptions by going into a suspended state and resuming afterwards.

2. Network carriers Testing- If your application is related to the mobile network provider of location wise. It should be tested well in all geographic location with multiple service provider. In this testing is performed to find out any glitches when a mobile application uses voice and/or data connection to perform some functions.

3. Performance Testing- In this testing we will check the how much me memory is consume by the application during using the app. Also check the  behavior of the application under certain conditions such as low battery, bad network coverage, low available memory, simultaneous access to application’s by multiple user.

4. Memory Leakage Testing- Memory leakage happens when a computer program or application is unable to manage the memory it is allocated resulting in poor performance of the application and the overall slowdown of the system. As mobile devices have significant constraints of available memory, memory leakage testing is crucial for the proper functioning of an application.

6. Compatibility testing- In the compatibility testing, we will test the application into the different browser or platform available into the market. In this testing verifies that the installation process goes smoothly without the user having to face any difficulty. This testing process covers installation, updating and uninstalling of an application.

All the APP or website should be backward or forward compatible of different version of browser or platform