Security testing is a type of testing that ensures the data and resources of a system are protected, by uncovering the vulnerabilities, threats and risks that could cause serious loss to the software. Its goal is to identify the threats or loopholes that may lead to loss of information or revenue, and to measure the potential vulnerabilities, so that the system neither stops functioning nor is exploited. The types of security testing are:
- Vulnerability scanning: automated scanning of the software to check the system for known vulnerabilities. Weaknesses in computers and networks are identified and classified. Examples of vulnerability scanning tools are IBM Security Guardium, NTT vulnerability tracker, etc.
- Security scanning: identifying network and system weaknesses and then providing solutions for reducing the risks. This type of scanning can be performed either manually or in an automated manner.
- Penetration testing: this type of testing checks the system from the perspective of a malicious hacker. It involves deliberate checks of a particular system for vulnerabilities that could be exploited by an external attack.
- Risk assessment: this method is applied to assess the security risks observed in an organisation.
- Security auditing: an internal inspection of applications and operating systems for security flaws. An audit is done by inspecting the code line by line.
- Ethical hacking: hacking of an organisation's software systems in the same way as malicious hackers who hack for their own gain, but with the intention of exposing the security flaws in the system.
- Posture assessment: this combines security scanning and risk assessment to show the overall security posture of the organisation.
A very basic example of a security test on a web application: log into the web application, log out, then click the browser's BACK button and check whether you are asked to log in again.
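The login/logout/BACK-button check above can be expressed as a small, repeatable test. The following Python is an added example, not code from the original page: it simulates a server-side session table with two logout implementations (a constructed, deliberately weak one that only clears the browser cookie, and a hardened one that also invalidates the session on the server), then replays the pre-logout request the way the BACK button would. The user name, password, TTL and status codes are assumed values chosen for the simulation.

```python
"""Simulation of the 'log in, log out, press BACK' security test.
Constructed example: no real web framework, just the session logic."""
import hmac
import secrets
import time

# Constructed test credential; a real system stores password hashes, not plaintext.
USERS = {"alice": "correct horse battery staple"}


class SessionStore:
    """Server-side session table: token -> (username, expiry time)."""

    def __init__(self, ttl_seconds=3600):
        self.ttl = ttl_seconds
        self._sessions = {}

    def login(self, username, password):
        """Return a fresh session token on valid credentials, else None."""
        expected = USERS.get(username)
        if expected is None or not hmac.compare_digest(expected, password):
            return None
        token = secrets.token_urlsafe(32)
        self._sessions[token] = (username, time.time() + self.ttl)
        return token

    def is_authenticated(self, token):
        """True only if the token is present on the server and not expired."""
        entry = self._sessions.get(token)
        if entry is None:
            return False
        _username, expiry = entry
        if time.time() > expiry:
            del self._sessions[token]
            return False
        return True

    def logout_client_only(self, token):
        """Weak logout (constructed for illustration): the browser is told to
        drop its cookie, but the server-side session stays alive, so a
        replayed copy of the old cookie is still accepted."""
        return {"Set-Cookie": "session=; Max-Age=0"}

    def logout_server_side(self, token):
        """Hardened logout: invalidate the session on the server as well."""
        self._sessions.pop(token, None)
        return {"Set-Cookie": "session=; Max-Age=0"}


def protected_page(store, token):
    """Simulated request to a page behind authentication.
    Returns 200 when served, or 302 (redirect to the login page) when refused."""
    return 200 if store.is_authenticated(token) else 302


def back_button_check(logout_method):
    """The page's basic test: log in, log out, then replay the earlier request
    with the old session cookie (what the BACK button effectively does).
    Returns True when the replay is refused, i.e. the user must log in again."""
    store = SessionStore()
    token = store.login("alice", USERS["alice"])
    assert protected_page(store, token) == 200, "login should succeed first"
    getattr(store, logout_method)(token)
    return protected_page(store, token) == 302


if __name__ == "__main__":
    print("client-only logout passes the check:", back_button_check("logout_client_only"))
    print("server-side logout passes the check:", back_button_check("logout_server_side"))
```

In the simulation only the server-side logout passes the check; clearing the cookie alone leaves the session usable by anyone who still holds the old token. On a real application the same test would also expect protected pages to be served with `Cache-Control: no-store`, so that the BACK button cannot display a cached copy of the page without contacting the server at all.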
The main areas on which security testing focuses are:
- Network security: looking for vulnerabilities in the network.
- System software security: analysing the weaknesses in the various software packages the application depends on.
- Client-side application security: this ensures that the client cannot be manipulated.
- Server-side application security: this ensures that the server code and technologies are strong enough to fend off any type of intrusion.
- Explain security testing with a proper example.