Topic :: Security Testing

Reply / rajendra prasad reddy

Security testing means "how safely the system is working against
external threats".

the level of security testing varies with the type of

The application/product/project may be any one of the following:
1. Desktop
2. Client-server
3. Web-based application

When we come down from desktop to web-based
applications, the security measures increase.
The testing strategy varies with the type of application.

Some important areas of security testing are:
1. Uncontrolled system access (by intruders)
2. Operating system flaws
3. Communication system flaws
4. Weak encryption algorithms, etc.

Reply / sivakumar kundan

security testing:
The process to determine that an information system (IS)
protects data and maintains functionality as intended.

Reply / vamci

general aspects of security testing

Access control

Reply / uday kumar

Security Testing mainly deals with Authorization and

Authentication: Users need to be user accts to enter into
Authorization: Users must have permissions to view the pages

Reply / Monica

Security is a primary concern when communicating and
conducting business - especially sensitive and
business-critical transactions - over the internet.

The user wants assurance that personal and financial
information is secure. Finding the vulnerabilities in
an application that would grant an unauthorized user
access to the system is important.

Reply / prasadbabu1

In security testing you must and should conduct
session Tracking is very important in web applications.

Reply / suneel reddy

Security is nothing but we check authorization and access
we check with firewalls and cryptography in web applications

Reply / jay

Escalation privilege, cookie poisoning, cross-site
scripting, SQL injection, spoofing password, access
denial, authorization, etc. are included in security tests on
web applications.

Reply / ravinder

Verify whether the application is securable or not from
unauthorised access and permissions.

during security testing testing team verifies

2)access control

Reply / anitha


Reply / 423553

Security testing mainly focuses on testing any
organization's system strength or safety. For example, it
could be testing for external threats.

Reply / karthikbk_2000

Security testing is verifying whether the user has access
to the particular webpages he is trying to access (web
applications) and granting privileges according to that
particular user.

In client-server technology, the user tries to access server
pages, which should be through a third party, and hence
certain security layers should be passed. (credit card

Reply /

We operate our system, so it is our responsibility; for our
security testing we will have to follow some precautions for

1. If we are using the internet, it may be problematic
because some viruses and hackers corrupt our system,
so it should be saved from these.

2. The firewall should be on, and make some inbound and outbound
rules also.

3. A licensed antivirus should be installed in our system.

4. If we always use a pen drive in our system, it may be
harmful for our system, so when we connect a USB drive, first
press and hold the Shift key, then insert the USB drive.

5. Our system password may be complex.

6. We should apply group policy so that a normal user could not
access other programs.


Reply / daviddaniel

Securing the USER'S files(data) or information from the
unauthorised user or especially from the "HACKERS"

Reply / b.sivashankari

Security testing is performed to check whether there is
any information leakage, in the sense of encrypting the
application or using a wide range of software and
hardware and firewalls, etc.

Before planning for Security Testing, you will need to
think about the following parameters:

Authentication - Testing the authentication schema means
understanding how the authentication process works and
using that information to circumvent the authentication
mechanism. Basically, it allows a receiver to have
confidence that information it receives originated from a
specific known source.
Authorization - Determining that a requester is allowed to
receive a service or perform an operation.
Confidentiality - A security measure which protects the
disclosure of data or information to parties other than the
Integrity - Whether the intended receiver receives the
information or data which is not altered in transmission.
Non-repudiation - Interchange of authentication information
with some form of provable time stamp e.g. with session id