Security testing is an activity intended to uncover flaws in the security mechanisms of an information system that protect its data and maintain functionality as intended. It is a type of software testing that aims to uncover vulnerabilities in the system and to determine whether its information and resources are protected from possible intruders.
Security testing is a huge subject. Every technology you use, whether a programming language like PHP or .NET or a feature like authentication or input validation, introduces its own set of security vulnerabilities.
What should come to mind when thinking about security?
- Authentication: the application and its data really come from the source they claim to.
- Authorization: users should only be able to access the functions they are authorized to use.
- Confidentiality: data and information are protected from theft.
- Integrity: the application and its data are not altered during transmission.
- Non-repudiation: guarantees that the sender and receiver of data cannot deny having sent or received it.
Focus Areas for Security: there are four main focus areas to be included in security testing:
- Network security: involves looking for vulnerabilities in the network infrastructure (resources and policies).
- System software security: involves assessing weaknesses in the software the system depends on (operating system, database system and other software).
- Client-side application security: deals with ensuring that the client (the browser or any similar tool) cannot be manipulated.
- Server-side application security: involves making sure that the server code and its technologies are robust enough to fend off any intrusion.
This is an example of a very basic security test which one can perform on a website or application:
1. Log in to the web application.
2. Log out of the web application.
3. Click the browser's Back button. (Check whether you are asked to log in again, or whether you are still allowed into the logged-in part of the application.)
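As an added example (not code from the original article), here is a minimal Python model of the session handling that this three-step test exercises, with a weak logout beside a hardened one; the class, the sample credentials and the status codes are my own assumptions:

```python
# Added example, not code from the original article: a minimal server-side
# session model showing what the login / logout / Back-button test checks.
# Assumptions (mine): sessions are random tokens in a server-side store, and
# "logout" either only tells the browser to drop its cookie (weak) or also
# revokes the token on the server (hardened). Credentials are constructed.
import secrets

VALID_USER, VALID_PASSWORD = "alice", "correct horse"  # constructed sample


class SessionServer:
    def __init__(self, invalidate_on_logout):
        self.invalidate_on_logout = invalidate_on_logout
        self.sessions = {}  # token -> username

    def login(self, user, password):
        # Returns a session token, or None on bad credentials.
        if (user, password) != (VALID_USER, VALID_PASSWORD):
            return None
        token = secrets.token_urlsafe(32)
        self.sessions[token] = user
        return token

    def logout(self, token):
        # Weak variant: the browser forgets its cookie but the token stays
        # valid server-side. Hardened variant: the token is revoked here.
        if self.invalidate_on_logout:
            self.sessions.pop(token, None)

    def get_protected(self, token):
        # Returns (status, headers, body) for the post-login page.
        if token not in self.sessions:
            return 302, {"Location": "/login"}, ""
        # no-store stops the browser from showing a cached copy of this page
        # when the user presses Back after logging out.
        return 200, {"Cache-Control": "no-store"}, "Welcome, you are logged in."


def back_button_test(server):
    # The article's three steps: log in, log out, then replay the old token
    # (what the Back button does). True means a fresh login is demanded.
    token = server.login(VALID_USER, VALID_PASSWORD)
    status, _, _ = server.get_protected(token)
    if status != 200:
        return False  # the logged-in state itself is broken
    server.logout(token)
    status, _, _ = server.get_protected(token)
    return status == 302
```

Running `back_button_test(SessionServer(False))` reproduces the failing case (the old token still works after logout), while `SessionServer(True)` passes.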
The Open Web Application Security Project (OWASP) is a great resource for software security professionals. Be sure to check out its Testing Guide.
The OWASP Top 10 security risks are:
- Injection
- Broken Authentication and Session Management
- Cross-Site Scripting (XSS)
- Insecure Direct Object References
- Security Misconfiguration
- Sensitive Data Exposure
- Missing Function Level Access Control
- Cross-Site Request Forgery (CSRF)
- Using Components with Known Vulnerabilities
- Unvalidated Redirects and Forwards
Use of Automated Security Scanner Tools
Testing for the attacks above and checking that secure application development best practices have been followed is a large part of determining whether an application is secure. But one should not depend entirely on manual testing. It is a fast-paced world with many time constraints. There are many tools on the market that can check for all of these security vulnerabilities in one go. The Netsparker community edition demo can be downloaded for free. There are also online testing tools, but I have not tried whether any of those are better than Netsparker.