Topic :: Security Testing

Reply / rajendra prasad reddy

Security testing means "how safely the system works against
external threats".

The level of security testing varies with the type of
application.

The application/product/project may be any one of the
following:
1. Desktop
2. Client-server
3. Web-based application

When we come down from desktop to web-based
application, the security measures increase.
The testing strategy varies with the type of application.

Some important areas of security testing are:
1. Uncontrolled system access (by intruders)
2. Operating system flaws
3. Communication system flaws
4. Weak encryption algorithms, etc.

Reply / sivakumar kundan

security testing:
The process to determine that an information system (IS)
protects data and maintains functionality as intended.




Reply / vamci

general aspects of security testing


Authorization
Access control
Encryption/Decryption

Reply / uday kumar

Security testing mainly deals with authorization and
authentication.

Authentication: Users need to have user accounts to enter
the app.
Authorization: Users must have permissions to view the pages.

Reply / Monica

Security is a primary concern when communicating and
conducting business, especially sensitive and
business-critical transactions, over the internet.

The user wants assurance that personal and financial
information is secure. Finding the vulnerabilities in
an application that would grant an unauthorized user
access to the system is important.

Reply / prasadbabu1

In security testing you must conduct session tracking;
it is very important in web applications.




Reply / suneel reddy

Security is nothing but checking authorization and access
controls.
We check with firewalls and cryptography in web applications.

Reply / jay

Escalation of privilege, cookie poisoning, cross-site
scripting, SQL injection, spoofing password, access
denial, authorization, etc. are included in security tests on
web applications.

Reply / ravinder

Verify whether the application is securable or not from
unauthorised access and permissions.

During security testing the testing team verifies:

1) Authorisation
2) Access control
3) Encryption/decryption

Reply / anitha

DURING THIS TESTING TESTERS WILL VERIFY THE SECURITY ISSUES
OF THE APPLICATION LIKE AUTHORIZATION AND ACCESS CONTROL

Reply / 423553

Security testing mainly focuses on testing any
organization's system strength or safety. For example, it
could be testing for external threats.

Reply / karthikbk_2000

Security testing is verifying whether the user has access
to the particular web pages he is trying to access (web
applications) and granting privileges according to that
particular user.

In client-server technology the user tries to access server
pages, which should be through a third party, and hence
certain security layers should be passed (credit card
transactions).



Reply / sonu@gmail.com

We operate our system, so it's our responsibility. For our
security testing we will have to follow some precautions for
this:

1. If we are using the internet, it may be problematic
because some viruses and hackers corrupt our system,
so we should save it from these.

2. The firewall should be on, and make some inbound and
outbound rules also.

3. A licensed antivirus should be installed in our system.

4. If we always use a pen drive in our system it may be
harmful for our system, so when we connect a USB drive, first
press the Shift key continuously, then insert the USB drive.

5. Our system password may be complex.

6. We should apply group policy so that a normal user could
not access other programs.

Thanks.

Reply / daviddaniel

Securing the USER'S files (data) or information from the
unauthorised user or especially from the "HACKERS".

Reply / b.sivashankari

Security testing is performed to check whether there is
any information leakage, in the sense of encrypting the
application or using a wide range of software and
hardware and firewalls, etc.

Before planning for security testing, you will need to
think about the following parameters:

Authentication - Testing the authentication schema means
understanding how the authentication process works and
using that information to circumvent the authentication
mechanism. Basically, it allows a receiver to have
confidence that information it receives originated from a
specific known source.

Authorization - Determining that a requester is allowed to
receive a service or perform an operation.

Confidentiality - A security measure which protects the
disclosure of data or information to parties other than the
intended.

Integrity - Whether the intended receiver receives the
information or data which is not altered in transmission.

Non-repudiation - Interchange of authentication information
with some form of provable time stamp, e.g. with session id
etc.