Importance Of Security Testing
Nowadays all of our data is on the cloud. Our sensitive data and personal information, such as bank details, emails, passwords and credit card numbers, are stored on some server and managed in a particular database. But hackers regularly show how vulnerable most of this online data is. Data leaks happen every day, across the world.
Leakage of data is harmful both to the organization and to its clients, so organizations are trying to build the best possible security into their applications and websites.
Major companies like Google and Apple also offer large cash rewards to anyone who can identify security vulnerabilities in their websites and software products.
The primary goal of security testing is to identify and assess how vulnerable a system may be, and to determine whether its data and resources are protected from potential attackers.
Nowadays security testing has been extended in many different directions, such as:
►Vulnerability Scanning
►Security Scanning
►Penetration Testing
►Risk Assessment
►Security Auditing
►Posture Assessment
►Ethical Hacking
Each kind of software security testing is vital in its own way, and many organizations that offer security services include all of these. The details are:
Vulnerability Scanning: an automated program scans computers and software to identify known security flaws and weaknesses in the system.
Security Scanning: this type of scanning helps to identify network and system weaknesses, and then proposes solutions for reducing those risks. Both manual and automated tools are used in this test type.
Penetration Testing: this testing simulates an attack from a malicious hacker. It involves analysis of a particular system to check for potential vulnerabilities that an external hacking attempt could exploit.
Risk Assessment: this testing is used to analyze the security risks observed in the organization. It recommends controls and measures to reduce the risk; risks are classified as Low, Medium and High.
Security Auditing: this testing involves an internal review of applications and operating systems for security flaws.
Ethical Hacking: it is hacking an organization's own software systems. Unlike malicious hackers, who steal for their own gain, the intent is to expose security weaknesses in the system.
Posture Assessment: a combination of ethical hacking, security scanning and risk assessment that shows the overall security posture of an organization.
Some key terms used in security testing:
♦Vulnerability: this is a weakness in the web application.
♦URL Manipulation: it is easy to edit a URL in the browser. Lack of security here can cause users to be redirected and confidential data to be leaked. Thus it is very important for the tester to check whether the application passes data through its URL string.
Testers check whether or not the application allows sensitive data in the query string. These types of attacks occur when the application uses the HTTP GET method to exchange information between the server and the client.
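The query-string check described above, written out as an added example (not code from the original post): it parses each GET request path from a few constructed access-log lines and flags parameter names that should never travel in a URL. The parameter list and the log lines are assumptions made for the example.

```python
from urllib.parse import urlsplit, parse_qs

# Parameter names that should never appear in a GET query string: URLs end up
# in browser history, proxy and server logs, and Referer headers.
SENSITIVE_PARAMS = {"password", "passwd", "pwd", "token", "session", "sessionid",
                    "credit_card", "card_number", "cvv", "ssn", "pin"}

def sensitive_params_in_url(url):
    """Return the sorted sensitive parameter names found in a URL's query string."""
    query = urlsplit(url).query
    names = {name.lower() for name in parse_qs(query, keep_blank_values=True)}
    return sorted(names & SENSITIVE_PARAMS)

def audit_access_log(lines):
    """Scan log lines of the form 'METHOD PATH ...' and return offending GET requests."""
    findings = []
    for line in lines:
        parts = line.split()
        if len(parts) < 2:
            continue
        method, path = parts[0], parts[1]
        if method != "GET":          # POST bodies are not the concern of this check
            continue
        hits = sensitive_params_in_url(path)
        if hits:
            findings.append((path, hits))
    return findings

# Constructed sample log lines, not taken from any real system.
SAMPLE_LOG = [
    "GET /login?user=alice&password=Secret123 HTTP/1.1",
    "POST /login HTTP/1.1",
    "GET /account?id=42 HTTP/1.1",
    "GET /pay?card_number=4111111111111111&cvv=123 HTTP/1.1",
]

if __name__ == "__main__":
    for path, hits in audit_access_log(SAMPLE_LOG):
        print(f"{path}: sensitive parameters in query string: {', '.join(hits)}")
```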
♦SQL Injection: SQL Injection is a very critical vulnerability. It is one of the most popular, dangerous and frequent attack techniques, and it gives the attacker access to your database. It works by inserting SQL statements through the web application's user interface into a query that is then executed by the server.
Testers check the SQL injection access points to recognize whether they can be exploited by a SQL injection attack. They identify and test the database code in which direct MySQL queries are performed on the database by concatenating raw user input.
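The kind of database code the tester looks for, side by side with its fix, as an added example that is not part of the original post. It uses an in-memory SQLite table built from constructed data (the users, the password and the probe string are assumptions for the example; a real system stores password hashes, not clear passwords).

```python
import sqlite3

def make_db():
    # Constructed in-memory users table; the password is stored in clear only
    # to keep the sample short, a real system stores a password hash.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct horse battery')")
    conn.commit()
    return conn

def login_vulnerable(conn, username, password):
    # Vulnerable: user input is concatenated straight into the SQL text,
    # so a quote in the input changes the structure of the query.
    sql = ("SELECT COUNT(*) FROM users WHERE username = '" + username +
           "' AND password = '" + password + "'")
    return conn.execute(sql).fetchone()[0] > 0

def login_parameterized(conn, username, password):
    # Hardened: placeholders keep the input as data; the driver never lets
    # it become part of the SQL syntax, whatever characters it contains.
    sql = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone()[0] > 0

# Classic tester probe: a quote that breaks out of the string literal.
PROBE = "' OR '1'='1"

def compare():
    """Run the probe and the real credentials against both versions."""
    conn = make_db()
    return {
        "vulnerable_accepts_probe": login_vulnerable(conn, PROBE, PROBE),
        "parameterized_accepts_probe": login_parameterized(conn, PROBE, PROBE),
        "parameterized_accepts_real": login_parameterized(conn, "alice", "correct horse battery"),
    }

if __name__ == "__main__":
    for check, result in compare().items():
        print(f"{check}: {result}")
```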
♦Cross-site scripting: it is a client-side injection attack where the attacker aims to execute malicious scripts in the victim's browser. These malicious scripts can perform a variety of functions, such as sending the victim's login credentials or session token to the attacker, logging their keystrokes, or performing arbitrary actions on behalf of the victim.
Testers must ascertain that the input fields do not trust unvalidated user input, and that the application properly encodes the output of these fields when they are included in a server response.
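Both halves of that check (input validation and output encoding) as an added example that is not from the original post: an allowlist for a username field, a vulnerable and an encoded rendering of the same value, and a crude response check a tester can run. The field, the allowlist and the probe string are assumptions for the example.

```python
import html
import re

# Allowlist for a username field: reject anything outside a known-safe
# alphabet instead of trying to strip "bad" characters from arbitrary input.
USERNAME_RE = re.compile(r"[A-Za-z0-9_.-]{1,32}")

def is_valid_username(value):
    return USERNAME_RE.fullmatch(value) is not None

def render_vulnerable(name):
    # Vulnerable: untrusted input is written into the HTML response as-is,
    # so any markup it contains becomes part of the page.
    return f"<p>Welcome back, {name}!</p>"

def render_encoded(name):
    # Hardened: html.escape turns < > & " ' into entities, so the browser
    # shows the input as text rather than interpreting it as markup.
    return f"<p>Welcome back, {html.escape(name, quote=True)}!</p>"

def has_unencoded_tag(page):
    """Crude tester check on a response: is a raw tag or event handler left in it?"""
    lower = page.lower()
    return "<script" in lower or "onerror=" in lower

# Constructed probe input, the kind a tester submits to a name field.
PROBE = '<script>alert("xss")</script>'

if __name__ == "__main__":
    print("probe passes validation:", is_valid_username(PROBE))
    print("vulnerable page:", render_vulnerable(PROBE))
    print("encoded page:   ", render_encoded(PROBE))
```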
♦Brute-force Attack: brute-force attacks rely on guessing different combinations of a targeted password until the true password is found. Attackers use brute-force attacks to gain access to sensitive details such as personal identification numbers, passphrases, passwords or usernames in order to carry out identity theft, redirect users to sites with malicious content, or perform other malicious activities.
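A defence a tester expects to find against password guessing, as an added example that is not part of the original post: failed logins are counted per account inside a time window and the account locks for a while once the limit is reached. The thresholds, the credential store and the injectable clock are assumptions for the example.

```python
import time
from collections import defaultdict, deque

MAX_FAILURES = 5       # failed attempts tolerated...
WINDOW_SECONDS = 300   # ...within this window before the account locks
LOCKOUT_SECONDS = 900  # how long the account stays locked

class LoginGuard:
    """Tracks failed logins per username and locks the account after too many."""

    def __init__(self, clock=time.time):
        self.clock = clock                  # injectable so tests can move time
        self.failures = defaultdict(deque)  # username -> timestamps of recent failures
        self.locked_until = {}              # username -> time the lock expires

    def is_locked(self, username):
        return self.locked_until.get(username, 0) > self.clock()

    def record_failure(self, username):
        now = self.clock()
        recent = self.failures[username]
        recent.append(now)
        while recent and now - recent[0] > WINDOW_SECONDS:  # forget old failures
            recent.popleft()
        if len(recent) >= MAX_FAILURES:
            self.locked_until[username] = now + LOCKOUT_SECONDS
            recent.clear()

    def record_success(self, username):
        self.failures.pop(username, None)
        self.locked_until.pop(username, None)

# Constructed credential store; a real one holds password hashes.
USERS = {"alice": "correct horse battery"}

def attempt_login(guard, username, password):
    """Return 'locked', 'ok' or 'denied'; a locked account is not even checked."""
    if guard.is_locked(username):
        return "locked"
    if USERS.get(username) == password:
        guard.record_success(username)
        return "ok"
    guard.record_failure(username)
    return "denied"
```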
♦Monitor access control management: for a web application or a computer, access control is a complex aspect that helps keep your application or system safe from being exploited by attackers or insider threats.
There are two parts:
•Authentication – who are you? (verify the user's identity)
•Authorization – what are you allowed to do? (decide the user's permissions)
♦Check server access control: web applications have multiple user entry points that provide sufficient access to complete users' requests, but they must maintain security to prevent data breaches or attacks.
Testers should ensure that all internal-network entry points to the application are used only by the expected machines (IPs), applications and users, and that all access is strictly controlled. To check whether an open entry point is sufficiently restricted, the QA should try to access these points from various machines with both untrusted and trusted IP addresses.
Moreover, a variety of real-time transactions should be performed in bulk to check the application's performance under load.
While doing security testing, the tester should also check that the open entry points in the application permit specific actions by users in a secure way.
♦Session management: to ensure that your application has appropriate session management, check the session expiry after a particular idle time, session termination after login and logout, session termination after the maximum lifetime, the session time gap and the session cookie scope, etc.
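The session behaviours listed above, implemented as an added example that is not code from the original post: a server-side session store with an idle timeout and an absolute lifetime, a fresh id issued at login, termination at logout, and a cookie whose scope is narrowed. The timeouts, the store layout and the cookie name are assumptions for the example.

```python
import secrets
import time

IDLE_TIMEOUT = 15 * 60      # end the session after 15 minutes without a request
MAX_LIFETIME = 8 * 60 * 60  # end it 8 hours after login even if still active

class SessionStore:
    """Server-side session table with idle and absolute expiry."""

    def __init__(self, clock=time.time):
        self.clock = clock    # injectable so tests can move time
        self.sessions = {}    # session id -> {"user", "created", "last_seen"}

    def create(self, user):
        sid = secrets.token_urlsafe(32)   # unguessable: 256 bits of randomness
        now = self.clock()
        self.sessions[sid] = {"user": user, "created": now, "last_seen": now}
        return sid

    def login(self, old_sid, user):
        # Terminate the pre-login session and issue a fresh id, so an id
        # that existed before authentication never becomes an authenticated one.
        self.sessions.pop(old_sid, None)
        return self.create(user)

    def logout(self, sid):
        self.sessions.pop(sid, None)

    def validate(self, sid):
        """Return the session's user if it is still live; expire and drop it otherwise."""
        s = self.sessions.get(sid)
        if s is None:
            return None
        now = self.clock()
        if now - s["last_seen"] > IDLE_TIMEOUT or now - s["created"] > MAX_LIFETIME:
            del self.sessions[sid]
            return None
        s["last_seen"] = now
        return s["user"]

def session_cookie(sid):
    # Narrow cookie scope: host-only (no Domain attribute), HTTPS only,
    # not readable by scripts, and not sent on cross-site requests.
    return f"sid={sid}; Path=/; Secure; HttpOnly; SameSite=Strict"
```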
Checklist to consider when performing web application security testing:
1. Asset discovery
2. Check for outdated versions
3. Check permissions
4. Check security protocols
5. Analyze code robustness with a penetration test
6. Test database security
7. Check network assets
8. Run configuration tools
9. Client-side logic
10. Business logic
11. Input validation
12. Authentication and session management
13. Configuration
14. Check authorization
15. Test error handling
Checklist to consider when performing mobile application security testing:
1. Nature of the app
2. Check that the application code is hardened against hacking
3. Avoid unnecessary user permissions
4. Check the background data usage while the app is running
5. Check battery usage while the application is running, and also check that the battery does not overheat while it runs
6. Check data transaction protection
7. Check for hidden activity to ensure the application does not use the user's private files
8. Check that the application does not use any third-party payment gateway
9. Check for hidden loopholes in the app
Benefit of security testing