What is Security?
As we all know in general terms security means to Protect something from some unwanted actions and to do so we all take some security measures. So in technical terms security means to protect all kind of Information systems(i.e. Desktop softwares, Mobile apps , Web applications) from different types of security threats (i.e. Sql injection,hacking,virus etc.).
To ensure that information system is secure , they must pass through every possible security checks.It is a technique to determine if your information system is secure to save data from security threats and if its functionality works even if any security threats are introduced into it.
To prevent your software against security threats you have to think and test like a hacker.
Security testing has 6 principles.
It aims on protecting data from disclosure to third parties.
It refers to protection of information from modifying by third parties and aims at ensuring delivery of exact information send by a sender.
It is concerned with authenticity of user using the information system is the same who needs to be or the system is exact same which it was claimed to be. No third party should be able to access the system without authentication.
It includes the process of verifying that the user which requests to access the system is allowed to have access over the system. Ex. Access Control
It is a term which is to assure that whenever user requests for information and access over system, It should be ready for authenticated user and information should be available at any time for authorized user.
It simply means that the message or information sent over network has been successfully sent and received by end to end users. It is a way to ensure that sender can not deny that he has sent that message and receiver can not deny that he has received message.
Techniques for Security Testing:
- Sql Injection
- Broken Authentication and Session.
- XSS(Cross-Site Scripting)
- IDOR(Insecure Direct Object References)
- Security Misconfiguration
- SDE(Sensitive Data Exposure)
- Missing Access Control at Functional Level
- CSRF(Cross-Site Request Forgery)
- Use Components with Known Vulnerabilities
- Unvalidated Redirect
We will see in detail about Security testing techniques in my next blog. Keep reading… :)