Security Testing –an integral part of software development life cycle

Security testing is an integral part of any information system that verifies the security

, authenticity, and configuration etc. of the system. With the increased complexity of the systems it has become almost essential for most of the organizations to check the appropriateness of the security mechanisms and polices of their systems.

Relevance of security policy: The security policy should be relevant to the security needs of the organization or individual. Security testing policy depends on the category of traffic or network activity allowed.

System preference while testing security: Security testing is primarily aimed at those network systems which are more accessible to the public like web servers, email servers, switches and routers, both external and internal firewalls, and other important and critical systems.

Types:

Security testing is of different types. They may be classified as:

Security Auditing: It necessitates thorough inspection of an application and the concerned operating system or any other system based on which the application is developed. It often includes line by line checking of the codes.

Vulnerability Scanning: It is an automatic, predefined and systematic scanning of networks and systems against known vulnerabilities. Different types of software (e.g. Nessus, ISS etc.) are generally used for analysis of vulnerability.

Security Scanning: It includes both manual verification of the system along with automated vulnerability scanning. While manually verifying the systems and networks a security analyst can evaluate the weakness of the system and can execute customized security testing.

Penetration Testing: The security tester attempts to find the loopholes left open unknowingly. With the permission of the client the tester mimics a hacker who tries to penetrate the system. This kind of testing is a valuable tool in building up defence against hackers.

Ethical Hacking: It includes several and frequent penetration tests over a wide variety of applications on a network.

Risk Assessment: It analyzes the potential risks of a system. It is conducted in the form of interviews, discussions etc. along with research of business and legal processes.

Posture Assessment & Security Testing: It includes three components. They are Security Scanning, Risk Assessment and Ethical Hacking. This is performed to check the overall security of any organization.

Security testing should start from the first stage of the development life cycle and should be kept up-to-date to ensure complete security of a system.

Security Testing an integral part of software development life cycle

By: dipsdixon

POST COMMENT

Troubleshooting Error 8936 to overcome errors in the B-tree in MS SQL Server 2000 database How To Fix Runtime Error 429--- Learn The Fastest Way Now! How To Fix Runtime Errors 429 Safely? Are You Finding A Quick Solution To Runtime Error 216? Performing Managerial Tasks Is Easier Than Before With Database Software Systems Best Solution For Fixing Runtime Error 216 Here How To Fix Errlook.exe Errors Instantly How to Escape those Annoying Error Messages Fix Msiinfo.exe Error With Simple Clicks How To Fix Scrrun.dll Errors? Steps to Follow if MS Access File Giving Fatal System Error Instead of Opening Fix Runtime Error 173 To Speed Up Your Pc How To Get Rid Of Runtime Error 175?