
Security Testing - I - Web Testing - I


Security is a set of measures that protect an application against unexpected actions that would cause it to stop functioning.

Security testing is a process intended to reveal flaws in the security mechanisms of an information system that protect data and maintain functionality as intended.

It is a type of non-functional testing.

To minimize defects and the cost of quality by identifying threats in the system early, security testing must start at an early stage of the software development life cycle.

The following figure shows the relation between the software development life cycle and security testing.


The test plan should include:
  • Test scenarios and test cases related to security.
  • Test data related to the security test cases.
  • Test tools for security testing, and the test outputs of the different test tools.

Security Testing Approach

1. Identify all the business requirements, security goals and objectives in terms of the organization's security compliance.
2. Analyze the requirements of the application under test.
3. Classify the security testing (collect all system setup information).
4. Prepare a threat profile.
5. Prepare a test plan based on the identified threats.
6. Prepare a traceability matrix.
7. Identify security testing tools.
8. Prepare security test cases.
9. Execute the test cases (perform the security test case execution and retest the defect fixes).
10. Prepare a detailed report of the security testing.
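Steps 4, 6, 9 and 10 of the approach above fit together in a small piece of code: the threat profile is a list of threats, each test case is linked to the threats it exercises, the traceability matrix is the map from threats to test cases, and the report lists the threats left uncovered and those confirmed by a failing test. This is an added example, not code from the original post; every threat, test case id and severity in it is constructed.

```python
# Added example (not from the original post): threat profile -> traceability
# matrix -> report. All ids, titles, severities and results are constructed.
from collections import defaultdict

# Step 4: threat profile (constructed entries)
THREAT_PROFILE = {
    "T1": {"title": "SQL injection in login form", "severity": "High"},
    "T2": {"title": "Session cookie without Secure flag", "severity": "Medium"},
    "T3": {"title": "Verbose error pages leak stack traces", "severity": "Low"},
    "T4": {"title": "Missing rate limit on password reset", "severity": "Medium"},
}

# Step 8/9: security test cases, each linked to the threat(s) it exercises,
# with the result recorded after execution (constructed)
TEST_CASES = [
    {"id": "STC-01", "threats": ["T1"], "result": "Pass"},
    {"id": "STC-02", "threats": ["T2"], "result": "Fail"},
    {"id": "STC-03", "threats": ["T3", "T2"], "result": "Pass"},
]


def build_traceability_matrix(threats, test_cases):
    """Step 6: map every threat id to the test case ids that cover it."""
    matrix = {tid: [] for tid in threats}
    for tc in test_cases:
        for tid in tc["threats"]:
            if tid not in matrix:
                raise ValueError(f"{tc['id']} references unknown threat {tid}")
            matrix[tid].append(tc["id"])
    return matrix


def uncovered_threats(matrix):
    """Threats with no test case at all: gaps in the test plan."""
    return sorted(tid for tid, tcs in matrix.items() if not tcs)


def failed_threats(threats, test_cases):
    """Step 10: threats confirmed by at least one failing test, grouped by severity."""
    by_severity = defaultdict(list)
    for tc in test_cases:
        if tc["result"] == "Fail":
            for tid in tc["threats"]:
                by_severity[threats[tid]["severity"]].append(tid)
    return {sev: sorted(set(tids)) for sev, tids in by_severity.items()}


def report(threats, test_cases):
    """Render the matrix plus the two findings a reviewer looks for first."""
    matrix = build_traceability_matrix(threats, test_cases)
    lines = ["Threat  Severity  Test cases"]
    for tid, info in threats.items():
        covered = ", ".join(matrix[tid]) or "(none)"
        lines.append(f"{tid:<8}{info['severity']:<10}{covered}")
    lines.append(f"Uncovered threats: {uncovered_threats(matrix)}")
    lines.append(f"Confirmed by failing tests: {failed_threats(threats, test_cases)}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(THREAT_PROFILE, TEST_CASES))
```

With the constructed data, T4 has no test case and shows up as a plan gap, while T2 is confirmed by the failing STC-02; both are things the detailed report in step 10 should call out.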

Types of security testing



1. Vulnerability Scanning - 
Automated software scans the system to find loopholes and known vulnerability signatures.
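The "vulnerability signature" a scanner matches is usually a component name plus an affected version range. The following added example (not code from the original post) shows that matching over a constructed inventory; the component names, versions and advisory ids (ADV-0001, ADV-0002) are placeholders, not real software or real advisories.

```python
# Added example (not from the original post): signature-based vulnerability
# scanning. Components, versions and advisory ids below are constructed.


def parse_version(text):
    """Turn '2.4.49' into (2, 4, 49) so versions compare numerically."""
    return tuple(int(part) for part in text.split("."))


# Constructed signature database: component plus an affected version range,
# lower bound inclusive, upper bound exclusive (first fixed version)
SIGNATURES = [
    {"id": "ADV-0001", "component": "exampleweb", "min": "2.4.0",
     "max_excl": "2.4.50", "title": "path traversal"},
    {"id": "ADV-0002", "component": "examplelib", "min": "1.0.0",
     "max_excl": "1.2.3", "title": "buffer overflow in parser"},
]

# Constructed inventory, as a scanner would collect it from package metadata
INVENTORY = {
    "webhost-01": [("exampleweb", "2.4.49"), ("examplelib", "1.2.3")],
    "apphost-02": [("exampleweb", "2.4.51"), ("examplelib", "1.1.0")],
}


def is_affected(version, sig):
    """True when version falls inside the signature's affected range."""
    v = parse_version(version)
    return parse_version(sig["min"]) <= v < parse_version(sig["max_excl"])


def scan_host(components, signatures=SIGNATURES):
    """Return (advisory id, component, version, title) for every match."""
    findings = []
    for name, version in components:
        for sig in signatures:
            if sig["component"] == name and is_affected(version, sig):
                findings.append((sig["id"], name, version, sig["title"]))
    return findings


def scan_inventory(inventory, signatures=SIGNATURES):
    """Scan every host and keep the findings per host."""
    return {host: scan_host(comps, signatures) for host, comps in inventory.items()}


if __name__ == "__main__":
    for host, findings in scan_inventory(INVENTORY).items():
        print(host, findings or "no matches")
```

Note the limitation built into this kind of check: it only sees the version string, so a distribution package that backports a fix without changing the version is reported as vulnerable. Such false positives are why scanner output is reviewed rather than copied straight into the report.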

2. Security Scanning - 
The system is scanned, with automated software or manually, to find network and system weaknesses. After the weaknesses of the network and system are analyzed, solutions are provided for the risks.
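A system weakness found by security scanning is often a configuration setting, and the value of the scan is the fix that comes with each finding. This added example (not code from the original post) checks a constructed OpenSSH server configuration against a few rules and attaches a remediation to every weakness; the directive names are real sshd_config keywords, the sample file and the rule set are constructed.

```python
# Added example (not from the original post): configuration weakness scan
# with a remediation per finding. The sample config and rules are constructed.

SAMPLE_SSHD_CONFIG = """\
# constructed sample sshd_config
Port 22
PermitRootLogin yes
PasswordAuthentication yes
X11Forwarding no
"""

# Each rule: directive, the expected (hardened) value, and the fix to suggest
RULES = [
    ("PermitRootLogin", "no",
     "Disable direct root login; log in as a normal user and elevate when needed."),
    ("PasswordAuthentication", "no",
     "Disable password logins; require key-based authentication."),
    ("X11Forwarding", "no",
     "Disable X11 forwarding unless it is actually required."),
    ("MaxAuthTries", "3",
     "Limit authentication attempts per connection."),
]


def parse_config(text):
    """Parse 'Keyword value' lines, skipping blanks and comments."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(" ")
        settings[key] = value.strip()
    return settings


def check_config(text, rules=RULES):
    """Return (directive, observed value, remediation) for each weakness.

    A directive that is not set at all is reported as 'unset' so the
    reviewer can confirm the daemon's default rather than assume it.
    """
    settings = parse_config(text)
    findings = []
    for directive, expected, fix in rules:
        actual = settings.get(directive)
        if actual is None:
            findings.append((directive, "unset", f"Set it explicitly. {fix}"))
        elif actual.lower() != expected:
            findings.append((directive, actual, fix))
    return findings


if __name__ == "__main__":
    for directive, observed, fix in check_config(SAMPLE_SSHD_CONFIG):
        print(f"{directive} = {observed}: {fix}")
```

Scanning the constructed file reports three weaknesses (root login enabled, passwords enabled, MaxAuthTries not set) and leaves X11Forwarding alone, which is the "find the weakness, then provide the solution" loop the paragraph describes.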

3. Penetration Testing - 
This involves analyzing the system for vulnerabilities that an external attacker could exploit. Access is required only to the system on which the penetration test is conducted.

4. Risk Assessment - 
This analyzes the security risks observed in the organization. The observed risks are categorized as Low, Medium or High. After the risks are analyzed, solutions are provided.

5. Security Auditing - 
This checks that all security standards are followed and implemented properly, through gap analysis and code or design reviews.

6. Ethical Hacking - 
This is hacking an organization's own systems with its permission, to find weaknesses. Access is required to a wide range of computer systems throughout the IT infrastructure.

7. Posture Assessment - 
This combines security scanning, ethical hacking and risk assessment to show the overall security posture of the organization.

Attributes in Security Testing



Security Testing Tools
1. Vega
2. Wapiti
3. W3af
4. BeEF
5. SPIKE
6. CROSS


Thanks and Regards,
Dananji.


Comments

  1. Good work. Keep it up, Dananji. The content on the page is very useful for a beginner.

