Monday, 15 February 2016

What & Why Security Testing is required!!!!

Security is set of measure to protect a software / application against unauthorized user.

Security Testing gives the guarantee, that system and applications in any organization are free from threats that may be the cause of any big loss. Security testing of any application and system is a process of finding all threats and weakness which may result in loss of information or data.

Security Testing provides the facility to secure the customers’ information and keep private is a top priority for all companies.

Under Security Testing six basic security concepts are needed to cover:
·         Confidentiality
·         Integrity
·         Authentication
·         Availability
·         Authorization
·         Non-repudiation

Confidential is a security measure which protects against the revealing of information to parties other than the intendant recipient that is by no means the only way of ensuring the security.

·         Authorization is the process of demonstrating the identity of the write user.
·         Authorization is the processes of determining that a user is allowed to receive a service or performing any task. For example- Access Control.

·         Integrity is a process to check the information transferred from one application to another application is correct or not.
·         Integrity of information means to protect information modification against unauthorized use or parties.

Authentication can be in different form such as biometrics, Password, Radio Frequency identification, etc. Authentication may be involved verifying the identity of a person.

Availability is assuring information and communication services will be ready for use when need it. Information must be kept always available to authorized user so that they can access any time when they need.

Non-Repudiation means to control that a transferred message has been sent and receive by a party or users claiming to have sent or received the message.

Various Types of Software Testing:
There are various types of security Testing, they are explained as below:
v  Security Auditing
v  Posture Assessment
v  Ethical Hacking

Security Scanning involve identifying weaknesses of system and network and after that provides solutions reducing this risk. Security Scanning may be performed for both manual and automated scanning.

Penetration Testing involves understanding the ability of an attacker to gain access to confidential information.

Security Auditing:
 Security Auditing is a function to look at a particular control or compliance issue. Security Auditing is an internal inspection of application and operating system for security flaws.

Risk Assessment testing involves the analysis of security risk observed in the organized. Risk may be classified in Low, Medium and High.

Vulnerability Scanning testing is done through automated software to scan a system against known Vulnerability Signatures.

Why Security Testing Is Required??

Security Testing requires for following reasons:
v  Security Testing is required for network security.
v  It is required for System Software Security.
v  Security testing is also required for Client-side application security, and Server-side application security.
v  Security testing requires keeping confidentiality of information.


No comments:

Post a comment

Bookmark Us

Delicious Digg Facebook Favorites More Stumbleupon Twitter