Security Testing – Why and How ?

What is Security Testing ?
Software testing that’s done to verify whether a system under test only allows designated users and processes access to business functionality and data.

Why Security Testing is needed ?
Security Testing  is done to reveal flaws in the security mechanisms of an information system
It verifies that the business security , system's integrity and confidentiality is maintained through test conditions like active attacks (Penetration Testing) and also in passive states.
It also validates that the system's authentication processes provides access to only verified and measured resources. 

How can we do Security Testing ?
Six Important Scenarios to cover while testing for Security :
1.    Confidentiality
2.    Integrity
3.    Authentication
4.    Authorization
5.    Availability
6.    Non-repudiation 

1.    Confidentiality - A security measure which protects against the disclosure of information to parties other than the intended recipient .

2.    Integrity - A measure intended to allow the receiver to determine that the information provided by a system is correct. It involves adding information to a communication, to form the basis of an algorithmic check, rather than the encoding all of the communication.

3.    Authentication – is a way to confirm  the identity of a person or trace the origins of an artifact. It ensures that a product is what its packaging and labeling claims to be .

4.    Authorization - determines that the right requester is allowed to receive a service or perform an operation.

5.    Availability – ensures information and communications services are ready for use when required  .

6.    Non-repudiation  is a way to guarantee that the transferred message has been sent and received by the parties claiming to have sent and received the message

Links to useful posts:

·         Abstraction
·         Method Overriding
·         Method Overloading
·         Instance Variables 
·         Java Applets
·         Pop ups and Alerts
·         Absolute path
·         Relative path
·         Annotations
·         JSP Vs Servlet
·         Absolute path Vs Relative path
·         Testng Annotations - part 1
·         Model-based testing (MBT)
·         Big Data Testing
·         Cloud Testing
·         TDD Test Driven Development
·         Verification vs Validation
·         Software testing types
·         Risk Management