Security testing fundamentals

Security testing is deemed successful when the below attributes of an application are intact:
- Authentication
- Authorization
- Availability
- Confidentiality
- Integrity
- Non-Repudiation

Testing must start early to minimize defects and cost of quality. Security testing must start right from the Requirements Gathering phase to make sure that the quality of end-product is high.

This is to ensure that any intentional/unintentional unforeseen action does not halt or delay the system.

Published in: Technology
Transcript

  • 1. Security Testing Fundamentals
      • Presented by Cygnet Infotech Pvt. Ltd.
  • 2. Overview
      • Security Testing is deemed successful when the below attributes of an application are intact:
          • Authentication
          • Authorization
          • Availability
          • Confidentiality
          • Integrity
          • Non-Repudiation
      • www.cygnet-infotech.com
  • 3. Authentication
      • To confirm that something or someone is authentic – true to the claims.
      • The digital identity of a user is validated and verified.
  • 4. Authorization
      • To ensure that a person/program is authorized to see the contents or make changes in an application.
      • User/Access rights are used.
  • 5. Availability
      • To ensure that an application is up and running, with its services and information available as and when needed.
      • The number of failures is reduced and backups are kept ready.
  • 6. Confidentiality
      • To make sure that the information and services are available only when requested by and for intended users.
      • Penetration testing is done and defects are fixed.
  • 7. Integrity
      • To ensure that the service provides the user with correct information.
      • It is also essential to make sure that no obsolete or outdated information is presented.
  • 8. Non-repudiation
      • To ensure that the message was sent and received by authentic users only.
      • The sender/receiver must not be able to deny their involvement.
  • 9. When to start Security Testing?
      • In general, testing must start early to minimize defects and cost of quality.
      • Security testing must start right from the Requirements Gathering phase to make sure that the quality of end-product is high.
      • This is to ensure that any intentional/unintentional unforeseen action does not halt or delay the system.
  • 10. SDLC and Security Testing (SDLC phase → security testing activity)
      • Requirements Gathering → Security Requirements Study
      • Design → Develop Security Test Plan
      • Development/Unit Testing → White box Security Testing
      • Integration Testing → Black box Security Testing
      • System Testing → Vulnerability Scanning
      • Deployment → Penetration Testing
      • Support/Maintenance → Post-production analysis
  • 11. Security Testing Types
      • Vulnerability Scanning: Scanning a system to find vulnerable signatures and loopholes.
      • Penetration Testing: An attack from a hacker is simulated on the system.
      • Ethical Hacking: The system is attacked from within to expose all the security flaws in the system.
      • Risk Assessment: Observing the security risks in the system, classifying them as high, medium and low.
      • Security Scanning: Network/system weaknesses are studied, analyzed and fixed.
      • Security Review: To check that security standards have been implemented appropriately through gap analysis and code/design reviews.
  • 12. About Cygnet Infotech
      • We are a global IT services & solutions provider.
      • We provide custom software development services across technologies and domains to our clients in over 23 countries.
      • We are ISO 9001, ISO 27001 and CMMi Level III Certified.
  • 13. Enterprise QA & Software Testing
      • We provide the following testing services:
          • Functional Testing
          • Performance Testing
          • Load Testing
          • Automated Testing
          • Security Testing
          • Mobile Testing
  • 14. Contact Us
      • Email: info@cygnet-infotech.com
      • Twitter: @cygnetinfotech
      • Skype: cygnet-infotech-pvt-ltd
