Security Testing

Security Testing is a process to determine how well a system protects against unauthorized internal or external access or wilful damage. It is performed to check whether there is any information leakage, for example by verifying that the application encrypts its data, and it makes use of a wide range of software tools.

  1. Security Testing for Web and Mobile Development. Prepared by: Jyothi Venugopalan (QA Team Member), BOSS Webtech Private Limited.
  2. Security Testing. Security testing is performed to check whether there is any information leakage, for example by verifying that the application encrypts its data. Security testing is a process to determine that an information system protects data and maintains functionality as intended.
  3. Security Testing. The six basic security concepts:
     - Authentication: allows a receiver to have confidence that the information it receives originated from a specific known source.
     - Authorization: determining that a requester is allowed to receive a service or perform an operation.
     - Confidentiality: a security measure which protects against the disclosure of data or information to parties other than the intended ones.
     - Integrity: whether the information or data received by the intended receiver has not been altered in transmission.
     - Non-repudiation: interchange of authentication information with some form of provable time stamp, e.g. together with a session id.
     - Availability: assuring that information and communications services will be ready for use when expected.
  4. Need of Security Testing. Security testing helps in finding out loopholes that can cause loss of important information and allow an intruder to enter the systems. Security testing helps in improving the current system. It ensures that the system will keep working for a longer time, and it ensures that people in your organization understand and obey security policies.
  5. Different Types of Security Testing.
     - Security Auditing: includes direct inspection of the application developed and of the operating systems. This also involves a code walk-through.
     - Security Scanning: scanning and verification of the system and applications.
     - Vulnerability Scanning: scanning of the application for all known vulnerabilities.
     - Risk Assessment: a method of analyzing and deciding the risk, which depends upon the type of loss and the probability of the loss occurring.
     - Penetration Testing: in this type of testing, a tester tries to forcibly access and enter the application under test.
     - Ethical Hacking: a forced intrusion of an external element into the systems and applications that are under security testing.
  6. Security Threats for Website.
     - SQL Injection: insertion of an SQL query into the web application, which can directly interact with the backend database on the server to reveal the information stored in it.
     - Cross Site Scripting: insertion of scripting code into the client browser, so that when the client sends data to the server database, the client-side scripting code gets stored in the server database.
  8. Security Testing Approach for Website.
     - Password cracking: in order to log in to the private areas of the application, one can either guess a username/password or use a password cracker tool for the same.
     - URL manipulation through HTTP GET methods: the tester should check whether the application passes important information in the query string.
     - SQL Injection: entering a single quote (') in any textbox should be rejected by the application.
     - Cross Site Scripting (XSS): any HTML, e.g. <HTML>, or any script, e.g. <SCRIPT>, should not be accepted by the application.
  9. Security Threats for Mobile Application.
     - Mobile malware and viruses: a mobile virus is an electronic virus that targets mobile phones or wireless-enabled PDAs.
     - Eavesdropping: the unauthorized real-time interception of a private communication, such as a phone call or an instant message.
     - Unauthorized access: careful attention needs to be paid to AAA, that is authentication, authorization and accounting.
     - Physical security: while many notebook computers are indeed lost or stolen every year, it is a lot easier to simply misplace a mobile device.
  10. Security Testing Approach for Mobile Application: authentication checks, input validation checks, session management checks, encryption checks, application checks, SQL injection checks, LDAP injection checks, XPath injection checks.
  11. Security Testing Tools: Netsparker Community Edition, Websecurify, Wapiti, N-Stalker, skipfish, Scrawler, Watcher, x5s, Exploit-Me, WebScarab.
  12. Summary. No website is 100% secure. Prevention is the better way to secure the website. Security vulnerabilities arise in different ways, each bringing its own risks. The critical risk is an attacker compromising the website and stealing the data.
  13. About BOSS Webtech. BOSS Webtech is a process-oriented design house specializing in web design, web development, backend web programming, mobile application development and other web and mobile related design and support services. Recently launched BizPlus, a mobile-based survey software. Contact BOSS Webtech: call 831-998-9121 in the US EST/CST/MST/PST zones, or by email.
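The website checks from slide 8 written out as a small test harness. This is an added example, not code from the presentation or from BOSS Webtech: it inspects a URL's query string for sensitive parameter names, runs the single-quote SQL injection probe against a concatenated and a parameterised lookup over a constructed SQLite table (the parameterised form goes further than rejecting the character: the quote is bound as data and never reaches the SQL parser), and runs the <HTML>/<SCRIPT> probes through an output encoder. The parameter-name list, table contents and URL are constructed for the example.

```python
import html
import sqlite3
from urllib.parse import parse_qs, urlparse

# Parameter names a tester would flag if they travel in a GET query string (constructed list).
SENSITIVE_PARAMS = {"password", "passwd", "pwd", "session", "sessionid", "token", "ssn", "cardnumber"}


def sensitive_query_params(url):
    """URL manipulation check: names of sensitive parameters exposed in the query string."""
    params = parse_qs(urlparse(url).query)
    return sorted(p for p in params if p.lower() in SENSITIVE_PARAMS)


def make_db():
    """Constructed in-memory database standing in for the application's backend."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, role TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)", [("alice", "admin"), ("bob", "user")])
    return db


def lookup_role_unsafe(db, name):
    """Query built by string concatenation: the textbox value is parsed as SQL."""
    return db.execute("SELECT role FROM users WHERE name = '" + name + "'").fetchall()


def lookup_role_safe(db, name):
    """Parameterised query: the textbox value is bound as data, never parsed as SQL."""
    return db.execute("SELECT role FROM users WHERE name = ?", (name,)).fetchall()


def single_quote_probe(lookup):
    """SQL injection check from the slide: submit a lone single quote and report the outcome.
    A database error surfacing here is the finding: the quote reached the SQL parser."""
    db = make_db()
    try:
        rows = lookup(db, "'")
    except sqlite3.Error as exc:
        return "db-error: " + type(exc).__name__
    return "handled: %d rows" % len(rows)


MARKUP_PROBES = ("<HTML>", "<SCRIPT>")


def markup_accepted(render):
    """XSS check from the slide: probes that come back from the output encoder unchanged."""
    return [p for p in MARKUP_PROBES if render(p) == p]


if __name__ == "__main__":
    print(sensitive_query_params("https://app.example/login?user=bob&password=hunter2&sessionid=abc"))
    print(single_quote_probe(lookup_role_unsafe), "|", single_quote_probe(lookup_role_safe))
    print(markup_accepted(lambda v: v), markup_accepted(html.escape))
```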