Skip to main content

Security Testing

Security Testing is the process in the Information system to protect data and the functionality should work as required. Security Testing is to protect the data from unforeseen(Intensional or Unintentional) actions or stop functioning.
Confidentiality, Integrity, Authentication, Availability, Authorization and  non-repudiation are teh specific element for the Security Testing
 Now first discuss the element of Security Testing one by one
  • Confidentiality: The information which can be seen by a assigned recipient, if seen by other users then this is the lack of  Confidentiality of the data. 
  • Integrity: If the information is modified by the person who is not authorized then this is lack of Integrity. Integrity is to check the information is transferred from one application to another is correct. The major intension of Integrity for the receive that the information that provided by the system is correct. 
  • Authentication: Authentication is a process in which the credentials provided are compared to the database of authorized users. If the credentials match, the process is completed and the user is granted authorization for access.
  • Availability: Information must be available for the authorized users when they need. 
  • Authorization: The system provide the permission for the Authenticate users to access the files and perform the operation.
  • Non-repudiation: In reference to digital security, nonrepudiation means to ensure that a transferred message has been sent and received by the parties claiming to have sent and received the message. Nonrepudiation is a way to guarantee that the sender of a message cannot later deny having sent the message and that the recipient cannot deny having received the message.
Some Key Terms in Security Testing
  • XSS ( Cross Site Scripting)Cross Site Scripting(XSS) is the attack from client side in which attackers can use malicious script into the Web Application. Ab attacker can use the XSS to send a malicious script to an unsuspecting user.
  • URL Manipulation : Attackers can change the path of the URL to access the records for which they are unauthorized.
  • SQL Injection: SQL injection is a code injection technique, used to attack on applications which have malicious SQL statements are inserted into an entry field for execution. SQL injection must exploit a security vulnerability in an application's software.
  • Password Cracking: password cracking is the process of recovering passwords from data that have been stored in or transmitted by a computer system.
  • Broken Authentication and Session Management: When Authentication is not properly working then this system allow the hackers to get the password and sessions of the application. 
  • Cross Site Request Forgery(CSRF): CSRF is an attack that forces an user to execute unwanted actions on a web application in which they're currently authenticated. Users execute the action of Attaker's choice . If the victim is a normal user, a successful CSRF attack can force the user to perform state changing requests like transferring funds, changing their email address, and so forth. If the victim is an administrative account, CSRF can compromise the entire web application
  • Insecure Direct Object References:Insecure Direct Object References occur when an application provides direct access to objects based on user-supplied input. As a result of this vulnerability attackers can bypass authorization and access resources in the system directly, for example database records or files



Labels

Labels:

Comments

Post a Comment

Popular posts from this blog

How to Put Load on a Script in JMeter

In last post we discussed about how to record a test script and Firefox settings to run the script. In this post we will discuss about how the Thread Group will work, how can we put n number of users to perform load testing, In JMeter by using Thread Group, we can create virtual users. Thread Group is a set of thread which work in same scenario. There are multiple thread group are available which is use to configure how the virtual users interest with the application, How much load maintain and till how much time load maintain.
1 comment
Read more

How to take the Screenshot in Selenium WebDriver?

If we want to take the screenshot then we have to convert our WebDriver object into the screenshot object. we need to change the behavior of the drive to take the screenshot . We can do it by casting
Post a Comment
Read more

JMeter Overview Description

In this article we will go through the multiple section of JMeter and describe the tool information. we will discuss about every component of JMeter tool in this Article so that you can hands on while working on script on JMeter about these components.
Post a Comment
Read more