
The penetration test process is basically used for finding security vulnerabilities in an application. An application contains both static and dynamic data, which need to be tested. Penetration testing performs code analysis and finds security vulnerabilities such as malicious code, as well as functionality that may be exposed due to a lack of security: for example, whether a proper encryption algorithm has been used, or whether hard-coded user names and passwords are present. All of these major areas of the application can be covered in a penetration test. Penetration testing can be done both automated and manually. To automate the testing of the application, we can use a tool like Veracode.

Manual penetration testing can be done by experts only, as here static code analysis, business logic, design, control flow and application risk can be assessed, which provides high assurance for the application. Once a vulnerability has been found in the application by penetration testing, the next step is to identify the risk it poses to the application. Thus, penetration testing depends entirely on the complexity and size of the application, as it goes through all locations of the application: all processes and data transmissions are verified and validated, all environments in use are checked, and all key points and weaknesses of the application can be detected. The main goal of penetration testing is to clean the application of all vulnerabilities, unauthorized processes and malicious activity.

We discussed WEP (Wired Equivalent Privacy), WPA (Wi-Fi Protected Access) and WPA2 (Wi-Fi Protected Access) in our last article. These are all protocols, or we can say standards, that are used to secure wireless connections between clients and access points. Let's move on to a detailed discussion of them.


Web application security risks are explained by OWASP. It is a worldwide security community that explains security risks to people and organizations. The full name of OWASP is The Open Web Application Security Project. OWASP has defined different types of vulnerabilities through which an unauthorized user can access the data of a protected site or application. OWASP aims to spread awareness of concerns about application security. Below are the details of each vulnerability.

Web Application Vulnerabilities

Wireless security is concerned with the protection of devices such as computers, laptops, mobile phones and tablets that are attached to an external network. The main aim of wireless security is to control the threats and vulnerabilities that an external network poses to our connected devices.


Security testing is the most important testing type for finding vulnerabilities in a web site. Nowadays online transactions take place on every web site, so security testing is a major activity that needs to be performed in the testing phase of the software testing life cycle. To gain customers' trust in a web site, confirmation of its security is a step in a positive direction. A detailed description of security testing is given below.

Security Testing Approach

1. What is Security Testing?
  • Security testing, as the name itself explains, is about how we can protect our personal data from hacking, code damage or unauthorized users.
  • Security testing is the process that determines whether personal data stays protected. Data that is not meant to be shared or discussed with other users must not be open to exploration, and a user must be able to perform only those tasks for which they are authorized. No other operation should be allowed on saved and protected data.
  • For example, suppose a website has its own key for login functionality. If an unauthorized user can work on this site without that key by hijacking, this is a big vulnerability of that site.
  • We can also take bank networking systems as an example.
  • By testing security, we can find the loopholes in an application and, after fixing them, protect our data. The main goal of security testing is to determine how the system reacts when an unauthorized operation is performed and how to prevent such operations from accessing data.
  • System analysis plays a major part here. We must have knowledge of the system before we start security testing.