What is Security Testing?
Security testing is software testing done to verify that a system under test
allows only designated users and processes to access business functionality
and data.
Why is Security Testing needed?
Security testing is done to reveal flaws in the security mechanisms of an
information system.
It verifies that the business's security and the system's integrity and
confidentiality are maintained, both under test conditions such as active
attacks (penetration testing) and in passive states.
It also validates that the system's authentication processes provide access
only to verified and measured resources.
How can we do Security Testing?
Six important scenarios to cover while testing for security:
1. Confidentiality
2. Integrity
3. Authentication
4. Authorization
5. Availability
6. Non-repudiation
1. Confidentiality - A security measure which protects against the disclosure
of information to parties other than the intended recipient.
2. Integrity - A measure intended to allow the receiver to determine that the
information provided by a system is correct. It involves adding information
to a communication to form the basis of an algorithmic check, rather than
encoding all of the communication.
3. Authentication - A way to confirm the identity of a person or trace the
origins of an artifact. It ensures that a product is what its packaging and
labeling claim it to be.
4. Authorization - Determines that the right requester is allowed to receive a
service or perform an operation.
5. Availability - Ensures information and communications services are ready
for use when required.
6. Non-repudiation - A way to guarantee that the transferred message has been
sent and received by the parties claiming to have sent and received the
message.
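
The integrity definition above describes adding information to a communication as the basis of an algorithmic check, without encoding the communication itself. As an added example (not part of the original post), the code below uses HMAC-SHA256 as that check, which is an assumption since the post names no algorithm, and runs it through a few security test conditions; the key, message and function names are constructed for illustration.

```python
import hashlib
import hmac

TAG_LEN = hashlib.sha256().digest_size  # 32-byte HMAC-SHA256 tag


def protect(key: bytes, message: bytes) -> bytes:
    """Append an integrity tag; the message itself stays readable (not encoded)."""
    return message + hmac.new(key, message, hashlib.sha256).digest()


def verify(key: bytes, packet: bytes):
    """Return the message if the tag matches, otherwise None."""
    if len(packet) < TAG_LEN:
        return None  # too short to carry a tag at all
    message, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
    expected = hmac.new(key, message, hashlib.sha256).digest()
    # Constant-time comparison avoids leaking how many tag bytes matched.
    return message if hmac.compare_digest(tag, expected) else None


def run_integrity_tests(key: bytes, message: bytes) -> dict:
    """Map each test condition to True if the receiver behaved correctly."""
    packet = protect(key, message)
    flipped = bytes([packet[0] ^ 0x01]) + packet[1:]  # one bit changed in the body
    return {
        "untampered accepted": verify(key, packet) == message,
        "body still readable": packet.startswith(message),
        "modified body rejected": verify(key, flipped) is None,
        "truncated tag rejected": verify(key, packet[:-1]) is None,
        "tag stripped rejected": verify(key, message) is None,
        "wrong key rejected": verify(b"other-key (constructed)", packet) is None,
    }


if __name__ == "__main__":
    # Constructed sample key and message, for illustration only.
    results = run_integrity_tests(b"demo-key (constructed)",
                                  b"transfer 100 to account 42")
    for case, ok in results.items():
        print(f"{'PASS' if ok else 'FAIL'}  {case}")
```
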