Security Testing

Security testing is a type of testing that ensures the data and resources of a system are protected, by uncovering possible vulnerabilities, threats and risks which may cause big loss to the software. The goal of security testing is to identify the threats or any loopholes that may cause loss of information or revenue, and to measure the system's potential vulnerabilities, so that the system doesn't stop functioning and is not exploited. The types of security testing are:

  1. Vulnerability scanning: automated scanning of the software to check the system for vulnerabilities. The weaknesses in computers and networks are identified and classified. Examples of vulnerability scan tools are IBM Security Guardium, NTT vulnerability tracker etc.
  2. Security scanning: identifies network and system weaknesses and then provides solutions for reducing the risks. This type of scanning can be performed manually as well as in an automated manner.
  3. Penetration testing: checks the system from the point of view of a malicious hacker. A particular system is checked for potential vulnerabilities to external hacking.
  4. Risk assessment: this method checks the number of security risks observed in an organisation.
  5. Security auditing: an internal inspection of applications and operating systems for security flaws. An audit is done by inspecting the code line by line.
  6. Ethical hacking: hacking an organisation's software systems in the same way as malicious hackers, who hack for their own gain. Its intention is to expose the security flaws in the system.
  7. Posture assessment: combines security scanning and risk assessment to show the overall security posture of the organisation.

A very basic example of a security test on a web application: log into the web application, log out of it, click the browser's BACK button, and check whether you are asked to log in again.
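The BACK-button check above can be automated. The following is an added example, not code from the original tutorial: `make_app` is a constructed in-memory stand-in for a web application (its paths, cookie name and flags are assumptions), and `back_button_test` performs the log in, log out, revisit sequence and reports what it finds.

```python
import secrets

def make_app(invalidate_on_logout=True, no_store=True):
    """Constructed demo app: /login, /account (protected), /logout."""
    sessions = set()  # server-side session store

    def app(path, cookie=None):
        """Return (status, headers) for a request with an optional session id."""
        if path == "/login":
            sid = secrets.token_urlsafe(16)
            sessions.add(sid)
            return 302, {"Location": "/account", "Set-Cookie": f"sid={sid}"}
        if path == "/logout":
            if invalidate_on_logout:
                sessions.discard(cookie)  # end the session on the server too
            return 302, {"Location": "/login", "Set-Cookie": "sid=; Max-Age=0"}
        if path == "/account":
            if cookie not in sessions:
                return 302, {"Location": "/login"}  # asked to log in again
            headers = {"Content-Type": "text/html"}
            if no_store:
                headers["Cache-Control"] = "no-store"  # no cached copy for BACK
            return 200, headers
        return 404, {}

    return app

def back_button_test(app):
    """Log in, log out, then request the protected page again as BACK would."""
    findings = []
    _, headers = app("/login")
    sid = headers["Set-Cookie"].split("=", 1)[1]
    status, headers = app("/account", sid)
    if status != 200:
        raise RuntimeError("login did not give access to the protected page")
    if "no-store" not in headers.get("Cache-Control", ""):
        findings.append("protected page is cacheable; BACK can redisplay it")
    app("/logout", sid)
    status, _ = app("/account", sid)  # replay the pre-logout session id
    if status == 200:
        findings.append("session still valid after logout")
    return findings

if __name__ == "__main__":
    print("hardened:", back_button_test(make_app()))
    print("weak:", back_button_test(make_app(invalidate_on_logout=False, no_store=False)))
```

The test passes only when the server both forgets the session at logout and tells the browser not to store the protected page; clearing the cookie alone is not enough.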

The main areas that security testing focuses on are:

  • Network security: looking for vulnerabilities in the network.
  • System software security: analysing the weaknesses in the various software the application depends on.
  • Client-side application security: ensuring that the client cannot be manipulated.
  • Server-side application security: ensuring that the server code and technologies are strong enough to fend off any type of intrusion.

Question:

  1. Explain security testing with a proper example.

8 thoughts on “Security Testing”

  1. 1. Explain security testing with proper example?

    Security testing is a type of testing which ensures that the data and resources of a particular system are protected by revealing possible vulnerabilities, threats and risks – which may cause substantial loss to the software. The goal of security testing is to identify the threats or any loopholes that may cause loss of information or revenue. It is also used to measure the system’s potential vulnerabilities so the system continues to function without being exploited.

    Some types of security testing include: Vulnerability scanning; Security scanning; Penetration testing; Risk assessment; Security auditing; Ethical hacking; and Posture Assessment.

    A basic example of a security test is on a web application, through which you are asked to Log into the web-application and log out of the web application. Testing could involve clicking the BACK button of the browser and checking again if you are asked to log in again.

  2. Security testing is a type of testing which ensures that the data and resources of any system are protected by uncovering possible vulnerabilities, threats and risks which may cause big loss to the software.
    Types of security testing are vulnerability scanning, security scanning, penetration testing, risk assessment, security auditing, ethical hacking, posture assessment.

    For example, if you open a simple web application, log in and log out from the application, click on the back button and check if it shows the login again.

  3. Security testing is to ensure the data and resources of any system are protected by uncovering possible vulnerabilities, threats, risks and loopholes that may cause big loss to the software, revenue, loss of information, and to measure its potential vulnerabilities so the system doesn’t stop functioning or is exploited.
    There are different types of security testing: Vulnerability scanning, Security scanning, Penetration testing, Risk assessment testing, Security auditing, Ethical Hacking, Posture Assessment.
    Example: Shopping with a credit card. If I purchase something in Florida a few mins ago and another person purchased something in New York 10 mins later with the same credit card, it means that it was hacked by someone. During that time, I will get a call from the credit card company and they will make sure whether it is the right transaction or a fraud.

  4. Security testing is a process of finding and reporting the vulnerabilities and risks in a computer or application in order to secure it from any sort of exploitation.
    Ex: Some sectors that have personal information (like financial) have session logins.
    Once the user logs in, if there is no activity taking place for a specific amount of time then the session gets timed out / logged out.

  5. Security testing is a type of testing which ensures that the data and resources of any system are protected by uncovering possible vulnerabilities, threats and risks which may cause a big loss to the software. E.g.: For financial sites, the browser back button should not work.

  6. Security testing is a type of testing which ensures that the data and resources of any system are protected by uncovering possible vulnerabilities, threats and risks which may cause big loss to the software. The goal of security testing is to identify the threats or any loopholes that may cause loss of information, revenue and measure its potential vulnerabilities so the system doesn’t stop functioning or is exploited.
    Ex: IBM Security Guardium, NTT vulnerability tracker etc.

  7. Security Testing is defined as a type of Software Testing that ensures software systems and applications are free from any vulnerabilities, threats, risks that may cause a big loss. Security testing of any system is about finding all possible loopholes and weaknesses of the system which might result in a loss of information, revenue, repute at the hands of the employees or outsiders of the Organization.
    The goal of security testing is to identify the threats in the system and measure its potential vulnerabilities, so the system does not stop functioning or is exploited. It also helps in detecting all possible security risks in the system and helps developers in fixing these problems through coding.
    Example of security testing:
    A password should be in encrypted format.
    Application or System should not allow invalid users.

  8. Security testing is a type of testing which ensures that the data and resources of any system are protected by uncovering possible vulnerabilities, threats and risks which may cause big loss to the software. The goal of security testing is to identify the threats or any loopholes that may cause loss of information, revenue and measure its potential vulnerabilities so the system doesn’t stop functioning or is exploited. It also helps in detecting all possible security risks in the system and helps developers in fixing these problems through coding.
