7 14 2006 102344
Software Testing - Brief Introduction To Security Testing
Security testing is an important process for ensuring that the systems and applications your organization uses meet the set security policies and are free from loopholes that could cause a loss to your organization.
- A security test helps in improving the current system and also helps in ensuring that the system will work for a longer period of time (or it will work without hassles for the estimated time period).
- It covers not only the conformance and resistance of the systems your organization uses; it also ensures that people in your organization understand and obey the security policies in place.
- If involved right from the first phase of the software development life cycle, it can help eliminate flaws in the design and implementation of the system, and in turn help the organization block potential loopholes at the earliest possible stage. This benefits the organization in almost all aspects.
- Security Auditing: It includes direct inspection of the developed application, the operating systems, and any system on which it is being developed. This also involves a code walk-through.
- Security Scanning: It is all about scanning and verification of the system and applications. During security scanning, auditors inspect and try to find out the weaknesses in the OS, applications, and network(s).
- Vulnerability Scanning: Vulnerability scanning involves scanning the application for all known vulnerabilities. This scanning is generally done with various suitable software tools.
- Risk Assessment: Risk assessment is a method of analyzing and determining risk, which depends upon the type of loss and the possibility/probability of its occurrence. It is carried out through interviews, discussions, and analysis of the same. It helps in identifying potential risks and preparing a possible backup plan for each, hence contributing towards security conformance.
- Posture Assessment and Security Testing: This is a combination of Security Scanning, Risk Assessment, and Ethical Hacking, used to reach a conclusive point and help your organization know where it stands with regard to safety.
- Penetration Testing: In this type of testing, a tester tries to forcibly access and enter the application under test. A tester may try to enter the application/system with the help of some other application or through combinations of loopholes that the application has unknowingly left open. A penetration test is highly important, as it is the most effective way to practically find potential loopholes in the application.
- Ethical Hacking: It's a forced intrusion by an external element into the system that is being tested.