Understanding the concept of security testing


Although often overlooked, security testing is a kind of testing that forms an important part of the software development life cycle (SDLC). You will get to know about security testing via a course in Pune. Now let's elaborate on the concept. First of all, let us understand what security is before proceeding to security testing.

What do we mean by security?

Security is a set of measures to protect an application against unexpected actions that cause it to stop working or be abused. Unexpected actions can be either intentional or accidental.

Security testing:

The objective of security testing is to discover the threats in the system and weigh its potential vulnerabilities. It also helps in identifying all possible security risks in the system and helps developers fix these issues through coding. Security testing ensures that the software and applications in a company are free from any loopholes that may cause a major loss. Security testing of any system is about finding every possible loophole and weakness of the system that might result in loss of data at the hands of insiders or outsiders of the organization.

Various methods used to carry out security testing:

In security testing, different approaches are followed, and they are as follows:

Black Box: The tester is authorized to do testing on everything about the system topology and the technology.
Grey Box: Partial information is given to the tester about the system, and it is a hybrid of the black and white box models.
Tiger Box: This hacking is normally done on a laptop which has a collection of OSs and hacking tools. This testing helps penetration testers and security testers to conduct vulnerability assessments and attacks.

Types of security testing:

Security testing is divided into seven main types. These are as per the Open Source Security Testing Methodology Manual.

Ethical hacking
Security auditing
Vulnerability scanning
Penetration testing
Risk assessment
Posture assessment
Security scanning

Now let's look at them one by one.

Ethical hacking:

This is hacking an organization's software systems. Unlike malicious hackers, who steal for their own gain, the aim is to uncover security flaws in the system.

Security auditing:

This is an internal inspection of applications and operating systems for security flaws. An audit can also be done by line-by-line inspection of code.

Vulnerability scanning:

This is done with automated software that scans a system against known vulnerability signatures.

Penetration testing:

This kind of testing simulates an attack from a malicious hacker. It involves analysis of a particular system to check for potential vulnerabilities to an external hacking attempt.

Risk assessment:

This testing involves analysis of the security risks observed in the company. Risks are classified as Low, Medium and High. This testing recommends controls and measures to reduce the risk.

Posture assessment:

This combines security scanning, ethical hacking and risk assessments to show the overall security posture of an organization.

Security scanning:

It involves identifying network and system weaknesses, and later provides solutions for reducing these risks. This scanning can be performed as both manual and automated scanning.

Various roles in the security testing domain:

Ethical hacker: Performs most of the breaking activities, but with permission from the owner.

Crackers: Crack the system in order to destroy or steal data.

Hackers: Access your system without taking proper permission.

Packet monkeys: Hackers with no experience but with programming skills.

Security testing is the most critical testing for an application and checks whether confidential information stays confidential. In this kind of testing, the tester takes the role of the attacker and plays around with the system to discover security-related bugs. Security testing is essential in the IT industry to ensure data safety, come what may. A software testing institute in Pune can teach you the details of the software testing domain.

