Security Testing for Web and Mobile Development
Prepared by: Jyothi Venugopalan (QA Team Member)
BOSS Webtech Private Limited
www.bosswebtech.com
Security Testing

- Security testing is performed to check whether the application leaks any information, for example by verifying that the application encrypts the data it handles.

- Security testing is a process to determine that an information system protects data and maintains functionality as intended.
Security Testing

The six basic security concepts:

- Authentication: allows a receiver to have confidence that the information it receives originated from a specific, known source.

- Authorization: determining that a requester is allowed to receive a service or perform an operation.

- Confidentiality: a security measure that protects data or information from disclosure to parties other than the intended ones.

- Integrity: whether the intended receiver receives information or data that has not been altered in transmission.

- Non-repudiation: exchange of authentication information together with some form of provable time stamp, e.g. bound to a session id.

- Availability: assuring that information and communication services will be ready for use when expected.
Need of Security Testing

- Security testing helps in finding loopholes that can cause loss of important information and allow an intruder to enter the systems.

- Security testing helps in improving the current system.

- It ensures that the system will keep working for a longer time.

- It ensures that people in your organization understand and obey security policies.
Different Types of Security Testing

- Security Auditing: direct inspection of the developed application and the operating systems it runs on. This also involves a code walk-through.
- Security Scanning: scanning and verification of the system and applications.
- Vulnerability Scanning: scanning the application for all known vulnerabilities.
- Risk Assessment: a method of analyzing and rating risk, depending on the type of loss and the probability that the loss occurs.
- Penetration Testing: in this type of testing, a tester tries to forcibly access and enter the application under test.
- Ethical Hacking: a forced intrusion by an external party into the systems and applications that are under security testing.
Security Threats for Website

- SQL Injection: insertion of an SQL query into the web application that is passed directly to the backend database on the server, revealing the information stored in it.

- Cross Site Scripting: insertion of script code through the client browser. When the client sends that data to the server, the script supplied on the client side gets stored in the server database and is served back to other users.
Security Testing Approach for Website

- Password cracking: in order to log in to the private areas of the application, one can either guess a username/password or use a password cracker tool for the same purpose.

- URL manipulation through HTTP GET methods: the tester should check whether the application passes important information in the querystring.

- SQL Injection: entering a single quote (') in any textbox should be rejected by the application.

- Cross Site Scripting (XSS): any HTML, e.g. <HTML>, or any script, e.g. <SCRIPT>, should not be accepted by the application.
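The three checks above (querystring inspection, the single-quote probe and the <SCRIPT> probe) as an added, runnable example that is not part of the original deck: each check is run against a weak and a hardened variant of a tiny constructed application, so the tester can see what a pass and a fail look like. The in-memory SQLite table, the sample URL and the SENSITIVE_PARAMS list are assumptions for the demo; the hardened SQL variant shows that parameterized queries make the quote harmless, which is the fix behind the deck's "should be rejected" rule.

```python
import html
import sqlite3
from urllib.parse import parse_qs, urlparse


def make_db():
    """Constructed in-memory table standing in for the backend database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, secret TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'demo-secret')")
    return conn


def find_user_vulnerable(conn, name):
    """'Before' form: the input is pasted into the SQL text, so a quote
    changes the statement instead of being treated as data."""
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return [row[0] for row in conn.execute(sql)]


def find_user_hardened(conn, name):
    """Parameterized query: the driver binds the value, so a quote is
    just a character in the search string."""
    sql = "SELECT name FROM users WHERE name = ?"
    return [row[0] for row in conn.execute(sql, (name,))]


def sql_injection_check(lookup):
    """The deck's single-quote probe: submit a lone ' and see whether the
    application's query breaks. A database error means the input reached
    the SQL parser, which is exactly what the tester is looking for."""
    conn = make_db()
    try:
        lookup(conn, "'")
    except sqlite3.Error:
        return "fail"
    return "pass"


def render_comment_vulnerable(comment):
    """'Before' form: user text is inserted into the page as raw HTML."""
    return "<p>" + comment + "</p>"


def render_comment_hardened(comment):
    """Output encoding turns < > & and quotes into entities, so submitted
    tags are displayed as text instead of being interpreted by the browser."""
    return "<p>" + html.escape(comment, quote=True) + "</p>"


def xss_check(render):
    """The deck's markup probe: submit <SCRIPT> and require that it does not
    come back as a tag in the rendered page."""
    probe = "<SCRIPT>"
    return "fail" if probe in render(probe) else "pass"


# Parameter names a tester would not expect to see in a GET querystring
# (assumed list for the demo; extend it for the application under test).
SENSITIVE_PARAMS = {"password", "passwd", "pwd", "token", "sessionid", "ssn"}


def querystring_check(url):
    """URL-manipulation check: report sensitive fields carried in the query
    string, where they land in browser history, proxy logs and referrers."""
    params = parse_qs(urlparse(url).query, keep_blank_values=True)
    return sorted(name for name in params if name.lower() in SENSITIVE_PARAMS)


def run_checks():
    """Run each check against the weak and the hardened variant."""
    return {
        "sql_vulnerable": sql_injection_check(find_user_vulnerable),
        "sql_hardened": sql_injection_check(find_user_hardened),
        "xss_vulnerable": xss_check(render_comment_vulnerable),
        "xss_hardened": xss_check(render_comment_hardened),
        "querystring": querystring_check(
            "https://app.example/login?user=alice&password=demo&page=2"),
    }


if __name__ == "__main__":
    for name, result in run_checks().items():
        print(f"{name}: {result}")
```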
Security Threats for Mobile Application

- Mobile malware and viruses: a mobile virus is an electronic virus that targets mobile phones or wireless-enabled PDAs.

- Eavesdropping: the unauthorized real-time interception of a private communication, such as a phone call or an instant message.

- Unauthorized access: careful attention needs to be paid to AAA (authentication, authorization, and accounting).

- Physical security: while many notebook computers are indeed lost or stolen every year, it is a lot easier to simply misplace a mobile device.
Security Testing Approach for Mobile Application

- Authentication checks
- Input validation checks
- Session management checks
- Encryption checks
- Application checks
- SQL injection checks
- LDAP injection checks
- XPath injection checks
Security Testing Tools

- Netsparker Community Edition
- Websecurify
- Wapiti
- N-Stalker
- skipfish
- Scrawler
- Watcher
- x5s
- Exploit-Me
- WebScarab
Summary

- No website is 100% secure. Prevention is the better way to secure the website.

- Security vulnerabilities arise in different ways, and each one brings its own risks.

- The critical risk is an attack on the website that steals its data.
About BOSS Webtech

- BOSS Webtech is a process-oriented design house specializing in web design, web development, backend web programming, mobile application development and other web- and mobile-related design and support services.

- Recently launched BizPlus, mobile-based survey software. Find out more here: http://bizplusonline.com/

- More products here: http://www.bosswebtech.com/products/products.html

Contact BOSS Webtech

- Call 831-998-9121 in the US EST/CST/MST/PST zones or email info@bosswebtech.com
