Security Testing: This is testing done to check for security weaknesses in a system. It is a process carried out with the intent of revealing flaws in the security mechanisms of a system. Security testing reveals loopholes in the system, but it does not assure a completely flawless system.
A few common types of security testing are listed below:
b) Penetration Test
c) Runtime Testing
d) Code review
- Authorization: Whether a user has access to the system; access is given to valid users only.
- Authentication: Identity of the person; origin of the product.
- Encryption or Decryption: No third party can gain access to the system; only the client and server.
- Confidentiality: User data and details are kept confidential and not shared with any third party.
- Integrity: The data is the same across the system, with no modification of the data.
- Availability: Data is available whenever the need arises.
Techniques which can be used in the application assessment:
Dynamic analysis: Here automated runtime testing is conducted, in which a dynamic analysis tool automatically executes attacks on the application and analyses the results. Tools used for this are HP WebInspect, IBM AppScan and Acunetix.
Static analysis: This is an automated review of the code. In this process, the tool is hooked into the compiler to understand the flow of data. This is more effective in understanding input validation vulnerabilities such as SQL injection. Tools used for this are HP Fortify and IBM AppScan.
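The data-flow idea behind static analysis, as an added example that is not from the original post and does not show how HP Fortify or IBM AppScan work internally. It assumes Python source, treats anything derived from a variable named `request` as untrusted, and treats the first argument of an `execute` call as the SQL sink; the sample code being scanned is constructed.

```python
import ast
# Constructed sample: request data is concatenated into SQL in one function only.
SAMPLE = '''
def lookup(request, cursor):
    name = request.args["name"]
    query = "SELECT * FROM users WHERE name = '" + name + "'"
    cursor.execute(query)

def lookup_safe(request, cursor):
    name = request.args["name"]
    cursor.execute("SELECT * FROM users WHERE name = %s", (name,))
'''
SOURCES = {"request"}  # assumption: anything derived from `request` is untrusted
SINK = "execute"       # assumption: DB-API style cursor.execute(sql, params)

class TaintChecker(ast.NodeVisitor):
    """Forward taint tracking over simple assignments, one function at a time."""
    def __init__(self):
        self.findings, self.tainted = [], set(SOURCES)

    def visit_FunctionDef(self, node):
        self.tainted = set(SOURCES)  # fresh taint state for each function
        self.generic_visit(node)

    def is_tainted(self, expr):
        # An expression is tainted if any variable it mentions is tainted.
        return any(isinstance(n, ast.Name) and n.id in self.tainted
                   for n in ast.walk(expr))

    def visit_Assign(self, node):
        # Taint propagates from the right-hand side to the assigned name.
        for t in node.targets:
            if isinstance(t, ast.Name) and self.is_tainted(node.value):
                self.tainted.add(t.id)
        self.generic_visit(node)

    def visit_Call(self, node):
        # Only the SQL text (first argument) is a sink; bound parameters are not.
        f = node.func
        if (isinstance(f, ast.Attribute) and f.attr == SINK and node.args
                and self.is_tainted(node.args[0])):
            self.findings.append(node.lineno)
        self.generic_visit(node)

def scan(source):
    """Return line numbers where tainted data reaches the SQL text of a sink."""
    checker = TaintChecker()
    checker.visit(ast.parse(source))
    return checker.findings
```

Running `scan(SAMPLE)` reports the concatenated query in `lookup` and stays silent on the parameterized query in `lookup_safe`.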