What is Security Testing?
Also known as penetration testing.
During security testing, the testing team validates the following:
Authorization:
Grant access to valid users and deny access to invalid users.
Access control:
Give valid users permission to use specific services, such as features or functionalities in the software.
Encryption or Decryption:
Deny third parties access to the system. Code conversion takes place between the client process and the server process.
Security testing is a testing technique to determine whether an information system protects data and maintains functionality as intended. It also aims to verify 6 basic principles, as listed below:
- Confidentiality
- Integrity
- Authentication
- Authorization
- Availability
- Non-repudiation
Security Testing - Techniques:
- Injection
- Broken Authentication and Session Management
- Cross-Site Scripting (XSS)
- Insecure Direct Object References
- Security Misconfiguration
- Sensitive Data Exposure
- Missing Function Level Access Control
- Cross-Site Request Forgery (CSRF)
- Using Components with Known Vulnerabilities
- Unvalidated Redirects and Forwards