Security testing fundamentals

Security Testing is deemed successful when the below attributes of an application are intact
- Authentication
- Authorization
- Availability
- Confidentiality
- Integrity
- Non-Repudiation

Testing must start early to minimize defects and cost of quality. Security testing must start right from the Requirements Gathering phase to make sure that the quality of the end product is high.

This is to ensure that any intentional/unintentional unforeseen action does not halt or delay the system.


  1. Security Testing Fundamentals
     Presented by Cygnet Infotech Pvt. Ltd.
  2. Overview
     - Security Testing is deemed successful when the below attributes of an application are intact:
       - Authentication
       - Authorization
       - Availability
       - Confidentiality
       - Integrity
       - Non-Repudiation

     www.cygnet-infotech.com
  3. Authentication
     - To confirm that something or someone is authentic – true to the claims.
     - The digital identity of a user is validated and verified.
  4. Authorization
     - To ensure that a person/program is authorized to see the contents or make changes in an application.
     - User/Access rights are used.
  5. Availability
     - To ensure that an application is up and running; its services and information available as and when needed.
     - The number of failures is reduced and backups are kept ready.
  6. Confidentiality
     - To make sure that the information and services are available only when requested by and for intended users.
     - Penetration testing is done and defects are fixed.
  7. Integrity
     - To ensure that the service provides the user with correct information.
     - It is also essential to make sure that no obsolete or outdated information is presented.
  8. Non-repudiation
     - To ensure that the message was sent and received by authentic users only.
     - The sender/receiver must not be able to deny their involvement.
  9. When to start Security Testing?
     - In general, testing must start early to minimize defects and cost of quality.
     - Security testing must start right from the Requirements Gathering phase to make sure that the quality of the end product is high.
     - This is to ensure that any intentional/unintentional unforeseen action does not halt or delay the system.
  10. SDLC and Security Testing
     - Requirements Gathering: Security Requirements Study
     - Design: Develop Security Test Plan
     - Development/Unit Testing: White box Security Testing
     - Integration Testing: Black box Security Testing
     - System Testing: Vulnerability Scanning
     - Deployment: Penetration Testing
     - Support/Maintenance: Post-production analysis
  11. Security Testing Types
     - Vulnerability Scanning: Scanning a system to find vulnerable signatures and loopholes.
     - Penetration Testing: An attack from a hacker is simulated on the system.
     - Ethical Hacking: The system is attacked from within to expose all the security flaws in the system.
     - Risk Assessment: Observing the security risks in the system, classifying them as high, medium and low.
     - Security Scanning: Network/system weaknesses are studied, analyzed and fixed.
     - Security Review: To check that security standards have been implemented appropriately through gap analysis and code/design reviews.
  12. About Cygnet Infotech
     - We are a global IT services & solutions provider.
     - We provide custom software development services across technologies and domains to our clients in over 23 countries.
     - We are ISO 9001, ISO 27001 and CMMi Level III Certified.
  13. Enterprise QA & Software Testing
     - We provide the following testing services:
       - Functional Testing
       - Performance Testing
       - Load Testing
       - Automated Testing
       - Security Testing
       - Mobile Testing
  14. Contact Us
     - Email: info@cygnet-infotech.com
     - Twitter: @cygnetinfotech
     - Skype: cygnet-infotech-pvt-ltd