Security Testing



Security testing is a process to ensure that confidential data is not accessible to anybody other than authorized members. It focus on two important aspects : Authentication and Authorization.



In these days, Security is an important requirements for the enterprises across industries. Every organization needs to secure the information it possesses and the application it uses in order to protect sensitive data, avoid any financial impact and forbid any possible loss of business. If an application is not secured , it can lead to->
1. Loss of credibility with customers, business, reputation.
2. Unauthorized access to sensitive information.
3. Regulatory non-compliance.

Security testing determines whether an application is capable of identify security related risks and averting possible attacks (virus attack).

What is penetration testing?
Penetration testing is a process of establishing weakness in a computer infrastructure or network. This helps an organization to accurately define their level of information security and identify security holes which need to be addressed . It is also know as vulnerability assessment or ethical hacking.

What is SQL Injection?
This is a process of altering backend SQL statement through the web application user interface. Here, an attacker uses this technique to gain access to underlying database and to manipulate it.

How security testing is carried out?
Following are the important types of test conducted for security testing of an application->


Password cracking
Guess the password.
Use password cracker tools.
Hack a cookie if used to store passwords.


URL manipulation
Change the query string part of the URL to corrupt the data.

SQL injection
Inject complete or part of SQL statements as part of user input to extract vital data.

Cross site scripting
Check any HTML or SCRIPT tag is accepted as part of user input


Tools used for security testing->
1. IBM Rational AppScan
2. HP Web Inspect
3. Web Scarab.

No comments:

Post a Comment