Security Testing

Security Testing Definition, Focus Areas, Example, etc, …

DEFINITION

Security Testing is a type of software testing that intends to uncover vulnerabilities of the system and determine that its data and resources are protected from possible intruders.

FOCUS AREAS

There are four main focus areas to consider in security testing (especially for websites and web applications):

  • Network security: This involves looking for vulnerabilities in the network infrastructure (resources and policies).
  • System software security: This involves assessing weaknesses in the various software (operating system, database system, and other software) the application depends on.
  • Client-side application security: This deals with ensuring that the client (browser or any such tool) cannot be manipulated.
  • Server-side application security: This involves making sure that the server code and its technologies are robust enough to fend off any intrusion.

EXAMPLE OF A BASIC SECURITY TEST

This is an example of a very basic security test which anyone can perform on a website/application:

  • Log into the web application.
  • Log out of the web application.
  • Click the BACK button of the browser (Check if you are asked to log in again or if you are provided the logged-in application.)

Most types of security testing involve complex steps and out-of-the-box thinking but, sometimes, it is simple tests like the one above that help expose the most severe security risks.
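The log in / log out / BACK check can be automated. The following is an added example, not code from the original page: `ToyApp` is a constructed in-memory stand-in for a web application (its paths, the `sid` cookie name and the `hardened` flag are assumptions), and `logout_findings` checks the two things the BACK button can expose after logout, a cacheable authenticated page and a session id the server still accepts.

```python
import secrets

class ToyApp:
    """Constructed stand-in for a web app; hardened=False reproduces both flaws."""
    def __init__(self, hardened):
        self.hardened = hardened
        self.sessions = set()

    def request(self, method, path, cookie=None):
        """Return (status, headers) the way an HTTP client would see them."""
        if (method, path) == ("POST", "/login"):
            sid = secrets.token_hex(16)
            self.sessions.add(sid)
            return 302, {"Set-Cookie": f"sid={sid}", "Location": "/account"}
        if (method, path) == ("POST", "/logout"):
            if self.hardened:
                self.sessions.discard(cookie)  # server-side invalidation
            return 302, {"Set-Cookie": "sid=; Max-Age=0", "Location": "/login"}
        if (method, path) == ("GET", "/account"):
            if cookie not in self.sessions:
                return 302, {"Location": "/login"}
            cache = "no-store" if self.hardened else "private, max-age=600"
            return 200, {"Cache-Control": cache}
        return 404, {}

def logout_findings(app):
    """Run login -> view -> logout -> revisit and list what BACK could expose."""
    findings = []
    _, headers = app.request("POST", "/login")
    sid = headers["Set-Cookie"].split(";")[0].split("=", 1)[1]
    status, headers = app.request("GET", "/account", cookie=sid)
    assert status == 200, "login did not produce a usable session"
    # BACK may redraw the page from the browser's cache; no-store forbids keeping a copy.
    if "no-store" not in headers.get("Cache-Control", "").lower():
        findings.append("authenticated page is cacheable (no 'no-store')")
    app.request("POST", "/logout", cookie=sid)
    # The browser drops its cookie at logout, but the old id must also be dead server-side.
    status, _ = app.request("GET", "/account", cookie=sid)
    if status == 200:
        findings.append("session id still accepted after logout")
    return findings

if __name__ == "__main__":
    for hardened in (False, True):
        print("hardened" if hardened else "weak", logout_findings(ToyApp(hardened)))
```

Against a real application under test, the same sequence would be driven through an HTTP client instead of `ToyApp.request`; the two checks stay the same.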

OWASP

The Open Web Application Security Project (OWASP) is a great resource for software security professionals. Be sure to check out the Testing Guide: https://www.owasp.org/index.php/Category:OWASP_Testing_Project

The OWASP Top 10 security threats for 2013 are:

  • Injection
  • Broken Authentication and Session Management
  • Cross-Site Scripting (XSS)
  • Insecure Direct Object References
  • Security Misconfiguration
  • Sensitive Data Exposure
  • Missing Function Level Access Control
  • Cross-Site Request Forgery (CSRF)
  • Using Known Vulnerable Components
  • Unvalidated Redirects and Forwards

BUILDING TRUST

There is an infinite number of ways to break an application, and security testing by itself is not the only (or the best) measure of how secure an application is. Still, it is highly recommended that security testing be included as part of the standard software development process. After all, the world is teeming with hackers and pranksters, and everyone wants to be able to trust the systems and software they produce or use.

Credits: Software Testing Fundamentals
