Overview about Security and Security Testing

What is Security?

As we all know in general terms security means to Protect something from some unwanted actions and to do so we all take some security measures. So in technical terms security means to protect all kind of Information systems(i.e. Desktop softwares, Mobile apps , Web applications) from different types of security threats (i.e. Sql injection,hacking,virus etc.).

Security Testing?

To ensure that information system is secure , they must pass through every possible security checks.It is a technique to determine if your information system is secure to save data from security threats and if its functionality works even if any security threats are introduced into it.

To prevent your software against security threats you have to think and test like a hacker.

appsec-01

Security testing has 6 principles.

1) Confidentiality
It aims on protecting data from disclosure to third parties.

2) Integrity
It refers to protection of information from modifying by third parties and aims at ensuring delivery of exact information send by a sender.

3) Authentication
It is concerned with authenticity of user using the information system is the same who needs to be or the system is exact same which it was claimed to be. No third party should be able to access the system without authentication.

4) Authorization
It includes the process of verifying that the user which requests to access the system is allowed to have access over the system. Ex. Access Control

5) Availability
It is a term which is to assure that whenever user requests for information and access over system, It should be ready for authenticated user and information should be available at any time for authorized user.

6) Non-repudiation
It simply means that the message or information sent over network has been successfully sent and received by end to end users. It is a way to ensure that sender can not deny that he has sent that message and receiver can not deny that he has received message.

Techniques for Security Testing:

  • Sql Injection
  • Broken Authentication and Session.
  • XSS(Cross-Site Scripting)
  • IDOR(Insecure Direct Object References)
  • Security Misconfiguration
  • SDE(Sensitive Data Exposure)
  • Missing Access Control at Functional Level
  • CSRF(Cross-Site Request Forgery)
  • Use Components with Known Vulnerabilities
  • Unvalidated Redirect

We will see in detail about Security testing techniques in my next blog. Keep reading… 🙂

Khushal Parikh

Khushal Parikh | Jr. Quality Analyst

I’m working as a Jr. Quality Analyst in Yudiz Solutions Pvt. Ltd. - a leading mobile app, mobile games and web development company. I’m fan of technology, cricket, and programming. I’m also interested in politics and music.
mm

Khushal Parikh Jr. Quality Analyst

I’m working as a Jr. Quality Analyst in Yudiz Solutions Pvt. Ltd. - a leading mobile app, mobile games and web development company. I’m fan of technology, cricket, and programming. I’m also interested in politics and music.

Comments are closed.

Top