Security Testing

Security Testing is the process of verifying that an information system protects its data and that its functionality works as required. Its purpose is to find the weaknesses that would let intentional or unintentional actions expose or corrupt data, or stop the system from functioning.
Confidentiality, Integrity, Authentication, Availability, Authorization and Non-repudiation are the specific elements that Security Testing checks.
 First, the elements of Security Testing one by one:
  • Confidentiality: Information should be seen only by its intended recipient; if other users can see it, the confidentiality of the data has been lost. 
  • Integrity: If information is modified by someone who is not authorized to modify it, integrity has been lost. Integrity testing checks that information transferred from one application to another arrives unaltered, so that the receiver can trust that what the system delivers is exactly what the sender produced. 
  • Authentication: Authentication is the process of comparing the credentials presented by a user with the record of authorized users. If the credentials match, the user's identity is established, and only then can the system decide what that user is authorized to access.
  • Availability: Information must be available to authorized users when they need it. 
  • Authorization: The system grants authenticated users permission to access specific files and perform specific operations, and denies everything else.
  • Non-repudiation: In digital security, non-repudiation means ensuring that a transferred message was sent and received by the parties claiming to have sent and received it: the sender cannot later deny having sent the message, and the recipient cannot deny having received it. In practice this requires a digital signature made with a key only the signer holds; a secret shared between both parties cannot prove which of them produced a message.
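The integrity and authentication elements above can be tested directly: a receiver must be able to detect that a message was altered in transit or produced by someone who does not hold the key. The following is an added example written for this page, not code from the original post; it uses an HMAC-SHA256 tag over a canonical JSON encoding, with a constructed shared key and a constructed transfer message. It also shows why this gives integrity but not non-repudiation.

```python
import hashlib
import hmac
import json
from typing import Optional

# Constructed example key: in a real system this comes from a secret store, not source code.
SHARED_KEY = b"example-shared-secret-do-not-reuse"


def canonical(payload: dict) -> bytes:
    """Serialise the payload deterministically so sender and receiver hash identical bytes."""
    return json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()


def sign_message(key: bytes, payload: dict) -> dict:
    """Sender side: attach an HMAC-SHA256 tag computed over the canonical encoding.

    HMAC proves integrity and that the sender held the key. It does NOT give
    non-repudiation: the receiver holds the same key and could have produced
    the same tag, so a third party cannot tell which side wrote the message.
    """
    body = canonical(payload)
    tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    return {"body": body.decode(), "tag": tag}


def verify_message(key: bytes, envelope: dict) -> Optional[dict]:
    """Receiver side: recompute the tag and compare in constant time.

    Returns the payload if the tag matches, None if the message was altered or
    was produced with a different key. compare_digest avoids leaking how many
    leading characters of the tag were correct through timing differences.
    """
    body = envelope["body"].encode()
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, envelope["tag"]):
        return None
    return json.loads(body)


def tamper_amount(envelope: dict, new_amount: int) -> dict:
    """Simulate an attacker on the wire changing the amount but keeping the old tag."""
    payload = json.loads(envelope["body"])
    payload["amount"] = new_amount
    return {"body": canonical(payload).decode(), "tag": envelope["tag"]}


if __name__ == "__main__":
    transfer = {"from": "alice", "to": "bob", "amount": 100}  # constructed sample message
    envelope = sign_message(SHARED_KEY, transfer)
    print("intact   :", verify_message(SHARED_KEY, envelope))
    print("tampered :", verify_message(SHARED_KEY, tamper_amount(envelope, 100000)))
    print("wrong key:", verify_message(b"another-key", envelope))
```

A security test for the integrity element is exactly the second and third calls: modify one field after signing, or use a key the sender never held, and confirm the receiver rejects the message rather than acting on it.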
Some Key Terms in Security Testing
  • XSS (Cross Site Scripting): XSS is a client-side injection attack in which an attacker gets malicious script into the pages a web application serves, so that the script runs in the browser of an unsuspecting user who views the page. It is possible whenever user-supplied input is written into a page without being escaped for the context it lands in.
  • URL Manipulation: Attackers change the path or the parameters of a URL to reach records they are not authorized to access.
  • SQL Injection: SQL injection is a code injection technique used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution. It exploits an application that builds queries by concatenating untrusted input into the statement text instead of passing it as bound parameters.
  • Password Cracking: Password cracking is the process of recovering passwords from data, typically password hashes, that has been stored in or transmitted by a computer system.
  • Broken Authentication and Session Management: When authentication or session handling is implemented incorrectly, attackers can obtain passwords, session identifiers or keys and use them to impersonate other users of the application. 
  • Cross Site Request Forgery (CSRF): CSRF is an attack that forces a user to execute unwanted actions on a web application in which they are currently authenticated; the browser sends the user's session cookie along with a request the attacker constructed, so the action is performed under the victim's identity. If the victim is a normal user, a successful CSRF attack can force the user to perform state-changing requests such as transferring funds or changing their email address. If the victim holds an administrative account, CSRF can compromise the entire web application.
  • Insecure Direct Object References (IDOR): Insecure Direct Object References occur when an application provides direct access to objects based on user-supplied input, such as a record number in a URL, without checking that the caller is allowed to see that object. As a result, attackers can bypass authorization and access resources in the system directly, for example database records or files.
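Two of the terms above, SQL Injection and Insecure Direct Object References, are best understood with the vulnerable code next to its fix. The following is an added example written for this page, not code from the original post; it uses a constructed in-memory SQLite database with made-up users and invoices, and the function names are illustrative. The vulnerable login pastes input into the query text, the safe one binds it as a parameter; the vulnerable invoice lookup trusts the id from the request, the safe one ties the lookup to the caller's identity.

```python
import sqlite3
from typing import Optional, Tuple


def make_db() -> sqlite3.Connection:
    """Build a constructed in-memory database to query against."""
    conn = sqlite3.connect(":memory:")
    # Plaintext passwords are kept only to keep the demo short; a real system
    # stores a salted password hash, which is what password cracking targets.
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [(1, "alice", "alice-pw"), (2, "bob", "bob-pw"), (3, "admin", "admin-pw")],
    )
    conn.execute("CREATE TABLE invoices (id INTEGER PRIMARY KEY, owner_id INTEGER, total INTEGER)")
    conn.executemany("INSERT INTO invoices VALUES (?, ?, ?)", [(100, 1, 250), (101, 2, 990)])
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> Optional[int]:
    """SQL injection: user input becomes part of the statement text."""
    query = (
        f"SELECT id FROM users WHERE username = '{username}' "
        f"AND password = '{password}'"
    )
    row = conn.execute(query).fetchone()
    return row[0] if row else None


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> Optional[int]:
    """Parameterised query: input is bound as data and can never change the SQL."""
    row = conn.execute(
        "SELECT id FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] if row else None


def get_invoice_vulnerable(
    conn: sqlite3.Connection, current_user_id: int, invoice_id: int
) -> Optional[Tuple[int, int, int]]:
    """Insecure direct object reference: the id from the request is trusted as-is,
    so any logged-in user can read any invoice by guessing its number."""
    return conn.execute(
        "SELECT id, owner_id, total FROM invoices WHERE id = ?", (invoice_id,)
    ).fetchone()


def get_invoice_safe(
    conn: sqlite3.Connection, current_user_id: int, invoice_id: int
) -> Optional[Tuple[int, int, int]]:
    """Authorization check bound into the lookup: the row must belong to the caller."""
    return conn.execute(
        "SELECT id, owner_id, total FROM invoices WHERE id = ? AND owner_id = ?",
        (invoice_id, current_user_id),
    ).fetchone()


if __name__ == "__main__":
    db = make_db()
    # Injection payload: the closing quote ends the string and "--" comments out
    # the rest of the statement, so the password check never runs.
    payload = "admin' --"
    print("vulnerable login as admin, no password:", login_vulnerable(db, payload, "anything"))
    print("safe login with the same input       :", login_safe(db, payload, "anything"))
    # IDOR: user 1 asks for invoice 101, which belongs to user 2.
    print("vulnerable invoice lookup:", get_invoice_vulnerable(db, 1, 101))
    print("safe invoice lookup      :", get_invoice_safe(db, 1, 101))
```

As a security test, the two payloads are the test cases: the injection string must fail to log in, and a request for another user's record must return nothing. Note that parameterisation fixes the injection but does nothing for the IDOR; the second function is already parameterised and still leaks, because the missing piece is an authorization check, not input handling.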