Thursday, April 22, 2010

Security Testing concept and checklist


Security Testing
Security testing is a process to determine that an information system protects data and maintains functionality as intended.
Security testing is also the process that determines that confidential data stays confidential (i.e. it is not exposed to individuals or entities for which it is not meant) and that users can perform only those tasks that they are authorized to perform (e.g. a user should not be able to deny the functionality of the web site to other users, and a user should not be able to change the functionality of the web application in an unintended way).
The purpose of the security test is to discover the vulnerabilities of the web application so that the developers can then remove these vulnerabilities from the application and make the web application and its data safe from unauthorized actions.
Why Security Testing is Required:
  • Direct financial loss
  • Loss of reputation
Some Terms related to Security Testing
Vulnerability: This is a weakness in the web application. The cause of such a “weakness” can be bugs in the application, an injection (SQL/script code) or the presence of viruses.
URL manipulation: Some web applications communicate additional information between the client (browser) and the server in the URL. Changing some information in the URL may sometimes lead to unintended behavior by the server.
SQL injection: This is the process of inserting SQL statements through the web application's user interface into a query that is then executed by the server.
XSS (Cross-Site Scripting): When a user inserts HTML or client-side script into the user interface of a web application and this insertion is shown to other users, it is called XSS.
Spoofing: The creation of hoax look-alike websites or emails is called spoofing.
For security testing, a tester requires skills like:
  • Knowledge of the HTTP protocol
  • How the client and server communicate with each other using HTTP requests and responses
  • Basics of SQL injection and XSS
For security testing, a tester should be careful about:
  • Configuration of the application or the server
  • Services running on the server
  • Existing user or customer data hosted by the application
  • Security testing should not be performed on the production environment
Checklist for Security testing
  • Password cracking
  • SQL Injection
  • URL Manipulation
  • XSS (cross-site scripting)
  • Site functionality should be examined to ensure that access to sensitive data and administrative functions is protected appropriately. This applies to OS and server level functions, as well as the application level.
  • Only services necessary for the business process should be running on web-facing servers (the more different systems, the greater the likelihood of a serious flaw).
  • Network traffic should be monitored to check for plain-text transmission of user names and passwords (whether related to site users or to back-office functions such as databases).
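For the SQL Injection item in the checklist, here is an added example (not code from the original post): a login lookup built by string concatenation beside the parameterized version, both run against a constructed in-memory SQLite table so a tester can see why the first one fails the check and the second passes. The sample users and the run_check helper are assumptions made for this illustration.

```python
import sqlite3

# Constructed sample data for the demonstration (not from the original post).
USERS = [("alice", "s3cret"), ("bob", "hunter2")]


def make_db():
    """Create a throwaway in-memory database; never test against production."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", USERS)
    return conn


def login_vulnerable(conn, name, password):
    # Builds the query by string formatting: user input becomes part of the SQL text,
    # so a quote character in the input changes the structure of the query.
    sql = ("SELECT name FROM users WHERE name = '%s' AND password = '%s'"
           % (name, password))
    return sorted(row[0] for row in conn.execute(sql))


def login_safe(conn, name, password):
    # Bound parameters: the driver passes the input as data, never as SQL text,
    # so the same input is compared literally against the stored password.
    sql = "SELECT name FROM users WHERE name = ? AND password = ?"
    return sorted(row[0] for row in conn.execute(sql, (name, password)))


def run_check(login):
    """Hypothetical checklist step: a valid login, a wrong password, and the
    textbook quote-breaking input a tester submits in the password field."""
    conn = make_db()
    return {
        "valid": login(conn, "alice", "s3cret"),
        "wrong": login(conn, "alice", "nope"),
        "payload": login(conn, "alice", "' OR '1'='1"),
    }


def is_injectable(login):
    """The check fails when the crafted input logs in more users than a valid one."""
    result = run_check(login)
    return len(result["payload"]) > len(result["valid"])


if __name__ == "__main__":
    print("string-built query injectable:", is_injectable(login_vulnerable))
    print("parameterized query injectable:", is_injectable(login_safe))
```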

2 comments:

  1. Hi Trupti,

    Thanks for this valuable information.

    Alok :)
