Wednesday, 30 September 2015

Security Testing

Security testing is a process of testing any software authenticity that is it is done to check whether any software is secured from any unauthorized attack or not.
Precise testing solutions contains certified security software tester. We follow all rules provided by standard organization like Open Web Application security Project (OWASP) and Web Application Security Consortium (WASC).

Software Security Testing:

Software security testing deals with protection of data by Information System (IS) and maintains its function as deliberated. The six basic security concepts that need to be covered by security testing are:
Confidentiality, integrity, authenticity, authorization, availability and  non-repudiation.

Terms That Are Common in Security Testing

Vulnerability Scan:

This helps in determining known security issues using automated tools in order to match with known vulnerabilities. Tool automatically set risk level without manual interference by test vendor.

Vulnerability Assessment:

In order to identify security vulnerabilities, it uses vulnerabilities scanning and places the vulnerabilities according to their level under the test.

Security Assessment:  

It builds upon vulnerability assessment by adding manual verification to conform exposure but does not include exploitation of vulnerabilities to gain further access. This verification could be by making an authorized access to the system to confirm system settings and have an eye on logs, system responses, error messages codes etc. A security assessment looks in to the large area of the system under test but not the depth exposure as specific vulnerability does.

Penetration test:

This test is done by replicate a malicious party attack. This provides information about ability of an attacker to gain access to confidential information. This approach deals in attack detail in larger sense as compared to Security Assessment.

Vulnerability/Risk Management:

For planning and conducting Security Testing, this is the first step to be taken. This process identifies vulnerabilities inside the system or application. Vulnerability analysis helps in forecasting effectiveness of proposed countermeasures after they are put into use.
Security testing is important in today’s world which cannot be ignored by one .The various new tools are being invented day by day, one has to be careful in choosing them based on application or system nature.

1. Babel Enterprise.
2. BFB Tester - Brute Force Binary Tester
3. Brakeman
4. Cross
5. Flawfinder
6. Gendarme
7. HCE.
8. HCE - HTML Comment Extractor / Parser.
9. Knock Subdomain Scan.
10. Metasploit.
11. Nessus.
12. Nikto.
13. Nsiqcppstyle.
14. Oedipus.
15. OSSTMM - Open Source Security Testing Methodology     Manual.

No comments:

Post a comment

Bookmark Us

Delicious Digg Facebook Favorites More Stumbleupon Twitter