
Security Testing

Security Testing is the process of verifying that an information system protects its data and that its functionality works as required. Its goal is to protect data from unforeseen (intentional or unintentional) actions and to keep the system from being disrupted.
Confidentiality, Integrity, Authentication, Availability, Authorization and Non-repudiation are the specific elements of Security Testing.
Let us first discuss the elements of Security Testing one by one:
  • Confidentiality: Information should be seen only by its intended recipient; if other users can see it, that is a lack of confidentiality of the data.
  • Integrity: If information is modified by a person who is not authorized, that is a lack of integrity. Integrity checks that information transferred from one application to another arrives correct and unchanged. The main intention of integrity is to assure the receiver that the information provided by the system is correct.
  • Authentication: Authentication is the process in which the credentials provided are compared with the database of authorized users. If the credentials match, the process is complete and the user is granted access.
  • Availability: Information must be available to authorized users whenever they need it.
  • Authorization: The system grants authenticated users permission to access files and perform operations.
  • Non-repudiation: In digital security, non-repudiation means ensuring that a transferred message has been sent and received by the parties claiming to have sent and received it. Non-repudiation is a way to guarantee that the sender of a message cannot later deny having sent it and that the recipient cannot deny having received it.
Some Key Terms in Security Testing
  • XSS (Cross Site Scripting): Cross Site Scripting (XSS) is a client-side attack in which attackers inject malicious script into a web application. An attacker can use XSS to deliver a malicious script to an unsuspecting user.
  • URL Manipulation: Attackers change the path of a URL to access records for which they are not authorized.
  • SQL Injection: SQL injection is a code injection technique used to attack applications, in which malicious SQL statements are inserted into an entry field for execution. SQL injection exploits a security vulnerability in the application's software.
  • Password Cracking: Password cracking is the process of recovering passwords from data that has been stored in or transmitted by a computer system.
  • Broken Authentication and Session Management: When authentication is not implemented properly, the system allows attackers to obtain users' passwords and sessions for the application.
  • Cross Site Request Forgery (CSRF): CSRF is an attack that forces a user to execute unwanted actions on a web application in which they are currently authenticated. The user ends up executing an action of the attacker's choice. If the victim is a normal user, a successful CSRF attack can force the user to perform state-changing requests such as transferring funds or changing their email address. If the victim is an administrative account, CSRF can compromise the entire web application.
  • Insecure Direct Object References: Insecure Direct Object References occur when an application provides direct access to objects based on user-supplied input. As a result of this vulnerability, attackers can bypass authorization and access resources in the system directly, for example database records or files.
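As an added example (not part of the original post), here is a small Python security test for the SQL Injection term above. It builds an in-memory SQLite table constructed for the demo, checks a login function written with string concatenation against one written with query placeholders, and reports which of the two resists a classic tautology in the password field. Table contents and function names are assumptions made for the example.

```python
import sqlite3


def make_db():
    # Constructed sample data: one user in an in-memory SQLite table.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct-horse')")
    conn.commit()
    return conn


def login_unsafe(conn, username, password):
    # Vulnerable form: user input is concatenated straight into the SQL text,
    # so a quote character in the input changes the structure of the query.
    sql = ("SELECT COUNT(*) FROM users WHERE username = '" + username +
           "' AND password = '" + password + "'")
    return conn.execute(sql).fetchone()[0] > 0


def login_safe(conn, username, password):
    # Hardened form: placeholders keep the input as data, never as SQL syntax.
    sql = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone()[0] > 0


def injection_test(login):
    """Security test for a login function.

    Valid credentials must succeed, a wrong password must fail, and the
    textbook tautology payload must not log the tester in.
    Returns True when the function passes, False when it was bypassed.
    """
    conn = make_db()
    assert login(conn, "alice", "correct-horse")   # valid credentials work
    assert not login(conn, "alice", "wrong")       # wrong password rejected
    bypassed = login(conn, "alice", "' OR '1'='1")
    return not bypassed


if __name__ == "__main__":
    print("unsafe login passes test:", injection_test(login_unsafe))  # False
    print("safe login passes test:", injection_test(login_safe))      # True
```

The same harness can be pointed at any login function with the signature shown; a result of False is the finding to report back to the developers.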