Wednesday, 28 August 2013

Posted by Precise Testing Solution | 13:26 | 1 comment
Security testing is an activity intended to reveal flaws in the security mechanisms of an information system that protect data and maintain functionality as intended. It is a type of software testing that aims to uncover vulnerabilities of the system and determine that its data and resources are protected from possible intruders.
Security testing is a huge subject. Every technology that you use, whether a programming language like PHP or .NET or a feature like authentication or input validation, introduces a new set of security vulnerabilities.
What should you keep in mind when you are concerned about security?
  • Authentication: The source of the application and its data is genuine.
  • Authorization: Specific users should only get access to authorized functions.
  • Confidentiality: Data and information are protected from theft.
  • Integrity: The application and its data are not altered during transmission.
  • Non-repudiation: A guarantee that the sender and receiver of data cannot deny having sent and received the information.

Focus Areas for Security: There are four main focus areas to be included in security testing:
  • Network security: This involves looking for vulnerabilities in the network infrastructure (resources and policies).
  • System software security: This involves assessing weaknesses in the software (operating system, database system, and other software).
  • Client-side application security: This deals with ensuring that the client (browser or any such tool) cannot be manipulated.
  • Server-side application security: This involves making sure that the server code and its technologies are robust enough to fend off any intrusion.

EXAMPLE OF A BASIC SECURITY TEST
This is an example of a very basic security test that one can perform on a web site or application:
1. Log in to the web application.
2. Log out of the web application.
3. Click the button of the browser (check whether you are asked to log in again or whether you are let into the logged-in application).
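
The basic test above can be automated. The following is an added example, not code from the original post: a constructed local demo app with a weak and a hardened logout, plus a check that replays the pre-logout session cookie and inspects the `Cache-Control` header of the authenticated page. The app, its paths (`/login`, `/account`, `/logout`) and the cookie name `sid` are assumptions made for the illustration.

```python
import http.client, threading
from http.server import BaseHTTPRequestHandler, HTTPServer

def make_app(hardened):
    """Constructed demo app; paths and cookie name are assumptions."""
    sessions = set()  # server-side session store
    class App(BaseHTTPRequestHandler):
        def log_message(self, *args): pass  # silence per-request logging
        def reply(self, code, body=b"", **hdrs):
            self.send_response(code)
            for name, value in hdrs.items():
                self.send_header(name.replace("_", "-"), value)
            self.send_header("Content-Length", str(len(body)))
            self.end_headers()
            self.wfile.write(body)
        def do_GET(self):
            sid = (self.headers.get("Cookie") or "").partition("sid=")[2]
            if self.path == "/login":
                sessions.add("s1")  # fixed session id, demo only
                self.reply(200, Set_Cookie="sid=s1")
            elif self.path == "/logout":
                if hardened:
                    sessions.discard(sid)  # invalidate on the server
                self.reply(200, Set_Cookie="sid=; Max-Age=0")
            elif sid in sessions:  # /account with a live session
                extra = {"Cache_Control": "no-store"} if hardened else {}
                self.reply(200, b"account data", **extra)
            else:
                self.reply(302, Location="/login")  # ask for login again
    return App

def basic_logout_test(hardened):
    srv = HTTPServer(("127.0.0.1", 0), make_app(hardened))
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    def get(path, cookie=None):
        conn = http.client.HTTPConnection("127.0.0.1", srv.server_port)
        conn.request("GET", path, headers={"Cookie": cookie} if cookie else {})
        resp = conn.getresponse()
        resp.read()
        conn.close()
        return resp
    cookie = get("/login").getheader("Set-Cookie")  # step 1: log in
    page = get("/account", cookie)                  # authenticated page
    get("/logout", cookie)                          # step 2: log out
    replay = get("/account", cookie)                # step 3: reuse old cookie
    srv.shutdown()
    srv.server_close()
    return {"session_killed": replay.status == 302,
            "not_cached": page.getheader("Cache-Control") == "no-store"}
```

Calling `basic_logout_test(False)` exercises the weak logout, which only clears the cookie in the browser; `basic_logout_test(True)` exercises the hardened one, which also drops the session on the server and marks the page `no-store`.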




OWASP

The “Open Web Application Security Project” (OWASP) is a great resource for software security professionals. Be sure to check out the “Testing Guide”.
The OWASP Top 10 security threats are:
  1. Injection
  2. Broken Authentication & Session Management
  3. Cross-Site Scripting (XSS)
  4. Insecure Direct Object References
  5. Security Misconfiguration
  6. Sensitive Data Exposure
  7. Missing Function Level Access Control
  8. Cross-Site Request Forgery (CSRF)
  9. Using Components with Known Vulnerabilities
  10. Unvalidated Redirects & Forwards

Use of Automated Security Scanner Tools
Testing for the above attacks and checking that secure application development best practices have been followed is a large part of testing whether an application is secure. But one should not depend completely on testing them manually. It is a fast-paced world with a lot of time constraints. There are many tools on the market that can easily check for each security vulnerability in one go. The Netsparker community edition demo can be downloaded for free. There are also online testing tools, but I have not tried whether those are better than Netsparker.

1 comment:

  1. Hi
    Thanks for your post,

    This is a good idea, even I wasn't aware of these things. Thanks for giving basic information about testing. I hope this will be beneficial for my web too

    Thanks
    Invoicing Software
