Security Testing Introduction

1. What is Security Testing?
  • Security testing explains how we can protect our personal data from hacking, code damage or unauthorized users.
  • Security testing is the process that determines whether personal data stays protected. Data that is not meant to be shared with or disclosed to other users must not be exposed, and a user must only be able to perform the tasks they are authorized for. No other operation should be allowed on saved and protected data.
  • For example, a website may have its own key for its login functionality. If an unauthorized user can work on the site without that key, by hijacking, that is a major vulnerability of the site.
  • Bank networking systems are another example.
  • By testing security, we can find the loopholes in an application, and after fixing them we can protect our data. The main goal of security testing is to see how the system reacts when an unauthorized operation is performed and how to prevent that operation from accessing data.
  • System analysis plays a major part here. We must have knowledge of the system before we start security testing.

2. What should be the approach of Security testing?

  • Security testing is not only part of the testing phase. In the software development life cycle, security can be discussed from the analysis stage onward.
  • At the analysis phase, the application model or design can be reviewed.
  • At the development phase, one round of security testing can also be done by the developer.
  • At the testing phase, vulnerability and penetration testing can be done by the testers, and a detailed report can be prepared.
  • One thing needs care here: while applying security testing scenarios, the required functionality of the application should not be ignored.
  • This is the right approach to verifying the security of an application or website.

3. Why Security testing is needed?

  • This testing falls under the non-functional testing umbrella, so in most cases people ignore it and concentrate on functional testing.
  • But nowadays, when hackers can find vulnerabilities in almost any website or application very easily, people have to make the effort for security testing.
  • Even if the functionality is working fine, what if your site is hacked and users can no longer access their protected data?
  • Thus security testing is as important as functionality testing and GUI testing.
  • For example, if you want to transfer money from one account to another, the money should be transferred from your authorized account only. If you enter some other account's details and the bank allows the transfer to go through, that is a major bug in the bank networking system.

  • In the same way, take the OTP message sent during a money transaction from one account to another. The OTP must be sent to the authorized mobile number only, and the end user has to enter that OTP on the bank website to complete the transfer.
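As an added illustration of the two checks just described (not code from the original post), here is a small Python mock of the transfer flow: the source account must belong to the logged-in user, and the OTP issued to that user's registered mobile must be presented once. Account ids, user names and mobile numbers are constructed sample data.

```python
import hmac
import secrets
import time

# Constructed in-memory "bank": account id -> owner and balance.
ACCOUNTS = {
    "ACC-1001": {"owner": "alice", "balance": 500},
    "ACC-2002": {"owner": "bob", "balance": 100},
}
# Registered mobile number per user (constructed sample data).
MOBILES = {"alice": "+10000000001", "bob": "+10000000002"}
# user id -> (otp, expiry time); an issued OTP is valid once.
_PENDING_OTPS = {}


def issue_otp(user, ttl_seconds=120):
    """Create an OTP for `user` and 'send' it to that user's registered mobile.
    Returns (mobile, otp) so a test can see where it went; a real system would
    hand the OTP to an SMS gateway rather than return it to the caller."""
    otp = f"{secrets.randbelow(10**6):06d}"
    _PENDING_OTPS[user] = (otp, time.time() + ttl_seconds)
    return MOBILES[user], otp


def verify_otp(user, otp):
    """True only if `otp` is the unexpired OTP issued to `user`; consumes it."""
    entry = _PENDING_OTPS.pop(user, None)  # removed whether or not it matches
    if entry is None:
        return False
    expected, expiry = entry
    if time.time() > expiry:
        return False
    return hmac.compare_digest(expected, otp)  # constant-time comparison


def transfer(user, src, dst, amount, otp):
    """Move `amount` from `src` to `dst` on behalf of the logged-in `user`.
    Order of checks: the source account must belong to the caller, the OTP
    must be the one issued to that caller, and the balance must cover it."""
    if src not in ACCOUNTS or dst not in ACCOUNTS or amount <= 0:
        return False
    if ACCOUNTS[src]["owner"] != user:  # the ownership check the bank bug lacks
        return False
    if not verify_otp(user, otp):
        return False
    if ACCOUNTS[src]["balance"] < amount:
        return False
    ACCOUNTS[src]["balance"] -= amount
    ACCOUNTS[dst]["balance"] += amount
    return True
```

A security test for this flow asserts that a caller cannot move money out of an account they do not own even with a valid OTP of their own, and that a used OTP is rejected on replay.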

4. Security Testing Techniques:

  • There are many techniques for security testing. We can consider the techniques below.
  • Vulnerability assessment: used to identify and classify the loopholes in a computer, network or communication infrastructure.
  • Static analysis: program and code analysis is done in this technique, and it can be carried out with different tools.
  • Penetration testing: the process of gathering data about the target and identifying the points from which an attacker could enter the application.
  • Fuzz testing: used to pass a large amount of random data (fuzz) to the application and verify the application's behavior, i.e. whether it crashes or not.
  • These are the basic techniques for security testing; further techniques will be explained in detail in the next article.

5. When to stop security testing? OR Can we give a security certificate for our application?

  • Well, we can say security testing is a never-ending process, and we cannot give any certificate assuring the security of an application.
  • But just as we define functional testing by verifying all the requirements of the application, in the same way we can define security for each module or sub-method of the application.
