Security Testing
Security testing checks how well an application protects
its data from unauthorized entry.
It is the process of determining how well an information system
protects data and maintains functionality as intended.
The six basic security concepts that need to be covered
in security testing are:
Confidentiality
Integrity
Authentication
Authorization
Availability
Non-repudiation
Confidentiality:
A security measure which protects against the disclosure of
information to parties other than the intended persons. It is
by no means the only way of ensuring security.
Integrity:
A measure intended to allow the receiver to determine that the
information provided to it is correct.
Authentication:
Allows a receiver to have confidence that the information it receives
originated from a specific known source.
Authorization (access control):
The process of determining that a request is allowed to receive
a service or perform an operation.
Availability:
Assuring that information and communication services
are ready for use when expected, only by the authorized users.
Non-repudiation:
A measure intended to prevent the later denial
that an action happened or a communication took place.
Some examples of security testing are:
Example 1:
- When a user logs in to a new session, there is one session pool
and one number is generated, and this is dropped onto the local
machine:
c:\prog files\window\temp
session id=cookie
- When you log out, the cookie gets deleted, that is, the cookies
get back into the browser.
- Log in to the web application.
- Go to c:\prog files and copy the cookie into Notepad.
- Log out.
- Once again paste it into the path, then try to open the application
without user name and password. It should not log in, because a
different random number is generated each time.
- The session id should expire as soon as the user logs out.
This is security testing.
Example 2:
- Open Notepad and write a user name and password.
- Copy the user name and password into the
user name and password fields of the application.
- Once again copy and paste it into Notepad; it should
not be decoded.
Example 3:
- Log out and click the back arrow; it should not go back
into the application again.
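The check in Example 1, written as an automated test (an added example, not from the original post). SessionApp is a toy in-memory application constructed for illustration, and the sample account and the invalidate_on_logout switch are assumptions; the weak variant leaves the session id valid on the server after logout, which the replay step detects.

```python
import secrets

class SessionApp:
    """Toy application (constructed for this example) with server-side sessions."""
    def __init__(self, invalidate_on_logout=True):
        self.users = {"alice": "s3cret-pass"}    # constructed sample account
        self.sessions = {}                        # session id -> user name
        self.invalidate_on_logout = invalidate_on_logout

    def login(self, user, password):
        expected = self.users.get(user)
        if expected is None or not secrets.compare_digest(expected, password):
            return None
        sid = secrets.token_urlsafe(32)           # fresh random id on every login
        self.sessions[sid] = user
        return sid

    def logout(self, sid):
        # The weak variant only relies on the browser dropping its cookie
        # and keeps the id valid on the server.
        if self.invalidate_on_logout:
            self.sessions.pop(sid, None)

    def get_page(self, sid):
        """Return (status, body) for a request carrying this session id."""
        if sid in self.sessions:
            return 200, "welcome " + self.sessions[sid]
        return 401, "login required"

def run_example_1(app):
    """Follow the steps of Example 1 and report what was observed."""
    sid = app.login("alice", "s3cret-pass")
    saved_copy = sid                              # the value pasted into Notepad
    worked_before = app.get_page(sid)[0] == 200
    app.logout(sid)
    replay_status = app.get_page(saved_copy)[0]   # paste it back, no password
    second_sid = app.login("alice", "s3cret-pass")
    return {
        "worked_before_logout": worked_before,
        "replay_rejected": replay_status == 401,
        "new_id_each_login": second_sid != saved_copy,
    }

if __name__ == "__main__":
    print("invalidates on logout:", run_example_1(SessionApp()))
    print("keeps id after logout:", run_example_1(SessionApp(invalidate_on_logout=False)))
```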
