Need For Security Testing
"Security means that authorized access is granted to protected data and unauthorized access is restricted."
Security testing is a procedure conducted to determine whether an information system properly protects data and maintains its intended functionality. The software industry is one of the most important industries today, and in the last few years the cyber-world has become even more dominant, giving new shape to many businesses. The best evidence for this is the web-based ERP systems used worldwide. Websites once developed for entertainment, publicity or marketing purposes have progressed into entities designed to provide the entire suite of business needs; web-based payroll systems, shopping malls, banking, and stock-trading applications are just a few examples. Such expansion into critical business functions has created a compelling need for security.
Reasons for security testing: In addition to tracking down loopholes that can cause loss of information or permit intruders into the system, security testing services help to make systems more stable and durable. Security testing also makes the product more economical by preventing these types of problems.
When planning for security testing, the following key parameters must be reviewed:
Authorization: Determining which requesters are allowed to receive a service or perform an operation.
Authentication: Testing the authentication schema means understanding how the authentication process works and using that information to circumvent the authentication mechanism. Basically, authentication allows a receiver to have confidence that the information it receives originated from a specific, known source.
Confidentiality: A security measure that protects against the disclosure of data or information to anyone other than the intended parties.
Integrity: Ensuring that the intended receiver receives information or data unaltered in transmission.
Non-repudiation: Interchange of authentication information with some form of verifiable time stamp, e.g. a session id.
Some techniques used for security testing:
1. Access to Application:
For example, if someone is given access to create a student account, that person's role should be limited to the creation of student accounts and should not permit checking assignments submitted by the student. Taking it a step further, in an educational organization a teacher's job is to teach students and the accountant's job is to collect fees. As such, the accountant should have access to student account details only, and not to their grades. The security tester's job is to assure the correct implementation of these roles and rights, so that access is secure. To accomplish this, detailed testing of all such roles and rights is conducted. Testers should generate a number of user accounts with divergent and multiple roles and test that the application handles these accounts with properly secured access.
2. Data Protection:
The tester must query the database for the 'passwords' of user accounts, clients' billing information, and other significant and sensitive business data to confirm that such data is saved in encrypted form in the database. Part of this task includes verifying that the proper information is being transmitted between client and server.
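The role-and-rights check from technique 1 and the stored-password check from technique 2, as one added example (not code from the original article) run against a constructed school application: SPEC, APP_RIGHTS, USER_TABLE and every role, action and account name are assumptions chosen for the illustration.

```python
import hashlib
import itertools
import os

# Constructed school application under test (not from the original article).
# SPEC is what the requirements grant each role; APP_RIGHTS is what the
# application actually implements, here seeded with one excess right.
SPEC = {
    "registrar":  {"create_student_account"},
    "teacher":    {"check_assignments", "view_grades"},
    "accountant": {"view_account_details", "collect_fees"},
    "student":    {"submit_assignment"},
}
APP_RIGHTS = {role: set(actions) for role, actions in SPEC.items()}
APP_RIGHTS["accountant"].add("view_grades")       # the defect the test must find
ALL_ACTIONS = sorted(set(itertools.chain.from_iterable(SPEC.values())))

def is_allowed(role, action):
    """Authorization decision of the application under test."""
    return action in APP_RIGHTS.get(role, set())

def hash_password(password, salt=None):
    """Store a salted PBKDF2 hash, never the password itself."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return f"{salt.hex()}${digest.hex()}"

def access_matrix_violations(spec):
    """Technique 1: try EVERY role against EVERY action, not only the actions a
    role is meant to have, and report each decision that differs from the spec."""
    violations = []
    for role, action in itertools.product(spec, ALL_ACTIONS):
        expected = action in spec[role]
        if is_allowed(role, action) != expected:
            violations.append((role, action, "denied" if expected else "granted"))
    return violations

def plaintext_password_findings(user_table, known_passwords):
    """Technique 2: read the stored credential column directly. A record fails
    if the real password appears in it, whether stored bare or merely prefixed."""
    return [user for user, stored in user_table.items()
            if known_passwords[user] in stored]

# Constructed user table with one account wrongly stored in the clear.
KNOWN_PASSWORDS = {"alice": "Teach3r!", "bob": "Acc0unt$", "carol": "Stud3nt?"}
USER_TABLE = {
    "alice": hash_password(KNOWN_PASSWORDS["alice"]),
    "bob": hash_password(KNOWN_PASSWORDS["bob"]),
    "carol": "plain:" + KNOWN_PASSWORDS["carol"],
}
```

Against a real application the same matrix is driven through logged-in sessions for each role, and the credential check reads the live users table rather than a dictionary.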
3. Brute-Force Attack:
The tester should verify that some mechanism of account suspension is available and working properly. For example, attempt to log in with invalid user IDs and passwords to make certain that the application blocks accounts that repeatedly attempt to log in with invalid credentials.
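An added example (not from the original article) of the account-suspension check from technique 3, run against a constructed login service: LoginService, its 5-attempt threshold and 900-second window, and the FakeClock are assumptions standing in for the real application's login endpoint.

```python
import time
from collections import defaultdict

class LoginService:
    """Constructed login service under test (not from the original article); a
    real test would drive the application's login form or API instead."""
    def __init__(self, users, max_failures=5, lockout_seconds=900, clock=time.monotonic):
        self.users = users                  # username -> password (toy store)
        self.max_failures = max_failures    # 0 disables lockout: the defect to catch
        self.lockout_seconds = lockout_seconds
        self.clock = clock
        self.failures = defaultdict(int)
        self.locked_until = {}

    def login(self, username, password):
        now = self.clock()
        if self.locked_until.get(username, 0) > now:
            return "locked"
        if self.users.get(username) == password:
            self.failures[username] = 0     # the counter resets only on success
            return "ok"
        self.failures[username] += 1
        if self.max_failures and self.failures[username] >= self.max_failures:
            self.locked_until[username] = now + self.lockout_seconds
            self.failures[username] = 0
        return "invalid"

class FakeClock:
    def __init__(self):
        self.now = 0.0                      # seconds; advanced by the test, not by waiting
    def __call__(self):
        return self.now
    def advance(self, seconds):
        self.now += seconds

def check_lockout(service, username, good_password, threshold, bad_password="wrong-guess"):
    """Technique 3 check: repeat bad logins on one account; return named findings."""
    outcomes = [service.login(username, bad_password) for _ in range(threshold)]
    findings = {"rejects_bad_attempts": all(o == "invalid" for o in outcomes)}
    # Reaching the threshold must suspend the account ...
    findings["locks_after_threshold"] = service.login(username, bad_password) == "locked"
    # ... and the suspension must hold for the CORRECT password too; otherwise a
    # guessing run that eventually hits the right one is never actually stopped.
    findings["lock_blocks_valid_login"] = service.login(username, good_password) == "locked"
    return findings

def check_lockout_expires(service, username, good_password, advance_clock):
    """The legitimate user must regain access once the suspension window has passed."""
    advance_clock(service.lockout_seconds + 1)
    return service.login(username, good_password) == "ok"
```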
4. SQL Injection and XSS (cross-site scripting):
The concept behind testing for both of these attacks is similar. Testers should ensure that a maximum length is defined and enforced for every input field, and that input fields do not accept script or tag input.
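An added example (not from the original article) of the input-field checks from technique 4 against constructed field rules: FIELD_LIMITS, the in-memory sqlite3 users table and SAMPLES are assumptions. It also adds the parameterised query and output encoding that the article does not mention, because a tag-rejecting pattern is only a blocklist and those two are the defences that actually neutralise the input.

```python
import html
import re
import sqlite3

# Constructed field rules for the application under test (not from the article):
# every field declares a maximum length and free-text fields refuse markup.
FIELD_LIMITS = {"username": 32, "comment": 280}
TAG_PATTERN = re.compile(r"<[^>]*>")

def validate_field(name, value):
    """Server-side input check. Returns None when acceptable, else the reason refused."""
    limit = FIELD_LIMITS[name]
    if len(value) > limit:
        return f"{name}: {len(value)} characters exceeds the limit of {limit}"
    if TAG_PATTERN.search(value):
        return f"{name}: markup is not accepted"
    return None

def find_user_id(conn, username):
    """Parameterised query: the value travels as bound data, never as SQL text."""
    row = conn.execute("SELECT id FROM users WHERE name = ?", (username,)).fetchone()
    return row[0] if row else None

def render_comment(comment):
    """Output encoding, the complementary XSS defence: stored text is shown, not interpreted."""
    return f"<p>{html.escape(comment)}</p>"

def check_field_rules(samples):
    """Tester's check: returns {label: accepted?} for boundary, oversize and markup inputs."""
    return {label: validate_field(field, value) is None
            for label, (field, value) in samples.items()}

def check_lookup_with_metacharacters(conn, existing, absent):
    """Quotes and comment markers in a name must be treated as plain characters:
    a real name is found and an absent one yields None, with no error and no row."""
    return find_user_id(conn, existing) is not None and find_user_id(conn, absent) is None

def sample_db():
    """In-memory database with constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT UNIQUE)")
    conn.executemany("INSERT INTO users (name) VALUES (?)", [("ann",), ("o'brien",)])
    return conn

SAMPLES = {
    "at_limit": ("username", "a" * 32),
    "over_limit": ("username", "a" * 33),
    "plain_comment": ("comment", "Great lecture, 5 < 7 though"),
    "markup_comment": ("comment", "nice <b>post</b>"),
}
```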
Conclusion: Testing is a vital part of implementing security within an organization. Without secure systems, customers would be reluctant to expose critical information, such as credit card details, to the many online businesses currently on the internet, such as shopping sites. In addition, security testing services can pinpoint areas of improvement for optimizing information throughput, reducing downtime and ensuring the best possible use of funds for the organization.
by: qathoughtleader