subject: Security Testing – an integral part of the software development life cycle


Security testing is an integral part of any information system: it verifies the security, authenticity and configuration of the system. As systems have grown more complex, it has become almost essential for most organizations to check that the security mechanisms and policies of their systems are appropriate.

Relevance of security policy: The security policy should be relevant to the security needs of the organization or individual. The security testing policy depends on the categories of traffic or network activity that are allowed.

System preference while testing security: Security testing is primarily aimed at the network systems that are most accessible to the public, such as web servers, email servers, switches and routers, external and internal firewalls, and other important and critical systems.

Types:

Security testing takes several forms, which may be classified as follows:

Security Auditing: A thorough inspection of an application and of the operating system or other platform on which the application is built. It often includes line-by-line review of the code.
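As an added illustration of what line-by-line code review looks like when it is automated, the following Python script (example code, not from the original article) walks the syntax tree of a source file and flags a few constructs an auditor would question: dynamic code execution, shell command execution with `shell=True`, and secrets assigned as string literals. The sample module it inspects is constructed for this example, and the rule set is deliberately small; a real audit covers far more.

```python
"""Minimal line-by-line security audit of Python source (added example).

Parses a source string with the standard-library ast module and reports
findings with the line number they occur on, the way a reviewer's notes
would. The rules below are illustrative assumptions, not a complete audit.
"""
import ast
import re

# Constructed sample module containing three kinds of finding.
SAMPLE_SOURCE = '''\
import os
import subprocess

DB_PASSWORD = "hunter2"          # secret embedded in source

def run(cmd):
    return subprocess.run(cmd, shell=True)   # shell=True with caller input

def load(expr):
    return eval(expr)            # dynamic evaluation of a string

def ping(host):
    return os.system("ping -c 1 " + host)
'''

# Variable names whose assignment from a string literal suggests an embedded secret.
SECRET_NAME = re.compile(r"(password|passwd|secret|token|api_key)", re.IGNORECASE)

# Call targets that execute code or shell commands directly.
DANGEROUS_CALLS = {"eval", "exec", "os.system", "os.popen"}
# subprocess entry points that become shell executions when shell=True is passed.
SHELL_CALLS = {"subprocess.run", "subprocess.call",
               "subprocess.Popen", "subprocess.check_output"}


def _call_name(node):
    """Return a dotted name for a call target such as 'os.system', or None."""
    func = node.func
    if isinstance(func, ast.Name):
        return func.id
    if isinstance(func, ast.Attribute) and isinstance(func.value, ast.Name):
        return f"{func.value.id}.{func.attr}"
    return None


def audit_source(source):
    """Return sorted (line, rule, detail) findings for the given source text."""
    findings = []
    tree = ast.parse(source)
    for node in ast.walk(tree):
        # Rule 1: a secret-looking variable assigned a string literal.
        if (isinstance(node, ast.Assign)
                and isinstance(node.value, ast.Constant)
                and isinstance(node.value.value, str)):
            for target in node.targets:
                if isinstance(target, ast.Name) and SECRET_NAME.search(target.id):
                    findings.append((node.lineno, "hardcoded-secret", target.id))
        # Rule 2: direct code/shell execution; Rule 3: subprocess with shell=True.
        if isinstance(node, ast.Call):
            name = _call_name(node)
            if name in DANGEROUS_CALLS:
                findings.append((node.lineno, "dynamic-exec", name))
            elif name in SHELL_CALLS:
                for kw in node.keywords:
                    if (kw.arg == "shell" and isinstance(kw.value, ast.Constant)
                            and kw.value.value is True):
                        findings.append((node.lineno, "shell-true", name))
    return sorted(findings)


def audit_report(source):
    """Format findings as one line per issue, like reviewer notes on a listing."""
    return [f"line {line}: {rule} ({detail})"
            for line, rule, detail in audit_source(source)]


if __name__ == "__main__":
    for entry in audit_report(SAMPLE_SOURCE):
        print(entry)
```

Running the script prints one finding per line of the sample module. Working on the syntax tree rather than on raw text is what keeps the checks from tripping over comments or string contents; the same approach scales to a project-wide audit by feeding it each source file in turn.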

Vulnerability Scanning: An automated, predefined and systematic scan of networks and systems for known vulnerabilities. Dedicated software (e.g. Nessus, ISS) is generally used for vulnerability analysis.

Security Scanning: Combines manual verification of the system with automated vulnerability scanning. While manually verifying systems and networks, a security analyst can evaluate the weaknesses of the system and carry out customized security tests.

Penetration Testing: The security tester attempts to find loopholes that were left open unknowingly. With the permission of the client, the tester mimics a hacker who tries to penetrate the system. This kind of testing is a valuable tool in building up defences against hackers.

Ethical Hacking: Several, frequently repeated penetration tests performed over a wide variety of applications on a network.

Risk Assessment: Analyzes the potential risks to a system. It is conducted through interviews, discussions and similar methods, together with research into business and legal processes.

Posture Assessment & Security Testing: Combines three components: security scanning, risk assessment and ethical hacking. It is performed to check the overall security of an organization.

Security testing should start at the first stage of the development life cycle and be kept up to date throughout it to ensure complete security of a system.


By: dipsdixon
