At that point, Security testing, steps in as the bulk of the testing. With the advancement of the technologies and various loopholes in the vastness of the net the software’s are getting more prone to hackers and people trying to get unauthorized access. Around the world many countries suffer huge amount of financial loss that is attributed to stealing critical information.

Let us understand what actually is Security Testing?

There are lot many Social networking sites where users enter their personal information like email addresses, phone numbers, photographs etc. and have private conversations where there is one on one involvement and sharing between connects. There are banking websites where users log in for various financial transactions and tracking. There are numerous government sites where critical information is available that can impact the country’s dealings and economic structures.

There are numerous variations for all of what is discussed above. All have the same functional foundation of security.

If confidential information is bound by a series of agreements between interacting companies and if any breach is found then legal actions may be initiated. So Security Testing is the major concern for the software companies that handle critical business and financial data.

In Security Testing, generally we check following parameters.

1). Authentication: In this identity of a person is Authenticated or confirmed at server side. When a password is entered, the software validates the credentials and confirms the authentication of the user.
2). Authorization:  It is the confirmation about the services accessed by the user.

Control over the user to allow access of certain services or not is covered under this. The best example of Authorization is Access Control.
3). Integrity: Integrity confirms whether the information received by the user is correct or not.
4). Availability: It confirms whether the information is available or not for an authorized user.
5). Non – Repudiation: It is the arrangement in which sender of the message can not deny having sent the message and the receiver of the message can not deny to having received the message. It is the part of Digital Security.
6). Confidentiality: It confirms that data is not disclosed to the third party other than the intended party.

Some key terms and tricks used in security testing.

1). SQL Injection: In SQL Injection, user enters SQL Code into a web page to gain access control of the data or to change the data, SQL Query is commanded by which user can perform actions on data base.
2). URL Manipulation: It is also called URL Rewriting, sometimes if user changes some parameters in URL, he can access additional or confidential information.
3). XSS or Cross Site Scripting: When user injects client side scripts in the user interface of a web page and this script is also visible by other users then it is called XSS or Cross Site Scripting. This is generally occurs in Web Applications.
4). Vulnerability: It is the weakness of the software that can be due to the virus or bug or SQL Injection.
5). Spoofing: In this technique, sender address is altered with a duplicated address, which looks like the original address. This technique is also used in Spam and Phishing.

The list above is just the few but in real life many different approaches are taken by hackers to steal and retrieve valuable information. Reasons are many why this is done but irrespective of that many organizations internally and with third party testing companies try to ensure that the security of the highest order is provided and a malicious intruder be restricted or totally avoided. If a small or mid level company requires professional security testing done then they may outsource software testing specifically for the security reasons and achieve the required results.

View the original article here

LEAVE A REPLY

Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.