Security testing
Security testing Presentation Transcript

  • 1. Baskar P
  • 2. Agenda
    • What is Security Testing
    • Purpose of Security Testing
    • Basic Security Testing Concepts
    • Security Testing Techniques
    • Security Testing Tools
  • 3. What is Security Testing
    • Security testing is the process of determining whether an information system protects its data and keeps functioning as intended while under attack.
    • It checks whether the system leaks information that it should not.
    • It checks whether the application can be reached or used without proper authorization, and whether sensitive data is protected (for example encrypted, rather than stored or transmitted in the clear).
    • Its goal is to find the potential loopholes and weaknesses of the system before an attacker does.
  • 4. Purpose of Security Testing
    • The primary purpose of security testing is to identify vulnerabilities so that they can be fixed.
    • Security testing helps improve the current system and gives confidence that it will keep operating securely over time.
    • It finds loopholes that could lead to the loss or exposure of important information.
  • 6. Six basic security concepts
      • Confidentiality
      • Integrity
      • Authentication
      • Authorization
      • Availability
      • Non-repudiation
  • 7. Basic security concepts
    • Confidentiality
    • Ensuring information is accessible only to those authorized to see it, so that it cannot be read or stolen by anyone else.
    • Integrity
    • A measure that lets the receiver determine that the information it has received is complete and has not been altered, whether by accident or by an attacker.
    • Authentication
    • The process of establishing the identity of a user (or system) making a request.
  • 8. Basic security concepts (Cont..)
    • Authorization
    • The process of determining whether an authenticated requester is allowed to receive a service or perform an operation.
    • Availability
    • Assuring that information and communication services are ready for use when expected.
    • Non-repudiation
    • A measure intended to prevent a party from later denying that an action happened or that a communication took place.
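As an added example (not part of the original slides), the following Python code shows what the integrity and authentication properties above look like in practice using an HMAC-SHA256 tag, and what they do not give you. The shared key, message and function names are assumptions made for the example.

```python
import hmac
import hashlib

# Constructed example: a shared key that both sender and receiver hold (not a production key).
KEY = b"demo-shared-key-not-for-production"
TAG_LEN = 32  # SHA-256 digest length in bytes


def protect(message: bytes, key: bytes = KEY) -> bytes:
    """Append an HMAC-SHA256 tag so the receiver can check integrity and origin.

    The message itself stays in the clear: HMAC gives integrity and
    authentication among key holders, not confidentiality.
    """
    tag = hmac.new(key, message, hashlib.sha256).digest()
    return message + tag


def verify(blob: bytes, key: bytes = KEY):
    """Return (ok, message). ok is False if the data or the tag was altered,
    or if the blob was produced with a different key."""
    if len(blob) < TAG_LEN:
        return False, b""
    message, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, message, hashlib.sha256).digest()
    # compare_digest runs in constant time so the tag cannot be guessed byte by byte
    return hmac.compare_digest(tag, expected), message


def tamper(blob: bytes) -> bytes:
    """Simulate an attacker flipping one bit of the message body, leaving the tag alone."""
    body = bytearray(blob)
    body[0] ^= 0x01
    return bytes(body)


if __name__ == "__main__":
    original = b"transfer 100 to account 42"
    print(verify(protect(original)))          # (True, b'transfer 100 to account 42')
    print(verify(tamper(protect(original))))  # (False, b'uransfer 100 to account 42')
```

Note what this does not provide: because sender and receiver share the same key, either of them could have produced the tag, so an HMAC cannot give non-repudiation; that needs a digital signature made with a key only one party holds.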
  • 9. Security Testing Techniques
    • Main security testing techniques are:
      • Vulnerability Scanning
      • Security Scanning
      • Penetration Testing
      • Ethical Hacking
      • Risk Assessment
      • Security Auditing
      • Posture Assessment & Security Testing
      • Password cracking
  • 10.
    • Vulnerability Scanning
    • Scans the application or host for known vulnerabilities, typically by matching software versions, configurations and service banners against a database of published weaknesses.
    • A vulnerability scanner is a program designed to assess computers, computer systems, networks or applications for such weaknesses.
    • It is generally done with vulnerability scanning software. Ex: Nessus, SARA and ISS.
    • Security Scanning
    • Scanning followed by manual verification of the system and its applications, so that scanner findings are confirmed rather than reported blindly.
    • Finds weaknesses in the operating system, the applications and the network configuration.
  • 11.
    • Penetration Testing
    • The tester tries to get into the application or system the way an attacker would, using other tools or by chaining together loopholes that the application has unknowingly left open.
    • It is the most effective way to find out in practice which loopholes in the application can actually be exploited.
    • Ethical Hacking
    • Ethical hacking involves a number of penetration tests across the whole network of the system under test. It is conducted, with permission, by ethical hackers to find possible problems in the system before a real attacker does.
  • 12.
    • Risk Assessment
    • A method of analysing and rating risk according to the type of loss and the probability that the loss will occur.
    • Risk assessment is carried out through interviews, discussions and analysis of the information gathered in them.
    • Security Auditing
    • Security auditing involves hands-on internal inspection of operating systems and applications, often through line-by-line review of configuration and code.
    • A security audit is a systematic evaluation of the security of a company's information system against a defined policy or standard.
  • 13.
    • Posture Assessment and Security Testing
    • Combines security scanning, ethical hacking and risk assessment to show the overall security posture of the organization.
    • Password Cracking
    • Password cracking programs can be used to identify weak passwords.
    • A cracking run shows which users have passwords that fall to a dictionary or brute-force attack. Passwords that survive the run are not proven strong; they were only not found by that attack in that time.
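To make the password cracking point concrete, here is an added example (not from the original slides) of a dictionary attack against a small, constructed table of salted password hashes. The hashing scheme (SHA-256 over salt and password), the usernames, salts and wordlist are all assumptions for the example; a real audit would load hashes from the system's credential store and use a far larger wordlist.

```python
import hashlib
import hmac


def hash_password(password: str, salt: bytes) -> str:
    """Assumed scheme for the example: sha256(salt || password).

    Real systems should use a deliberately slow KDF (bcrypt, scrypt, Argon2)
    so that every guess costs the attacker much more than one hash.
    """
    return hashlib.sha256(salt + password.encode()).hexdigest()


def build_sample_db():
    """Constructed sample 'password database': user -> (salt, hash).

    The plaintexts here exist only so the example is self-contained;
    the cracker below never sees them.
    """
    entries = {
        "alice": ("a1b2c3", "password123"),      # weak: in the wordlist
        "bob":   ("d4e5f6", "letmein"),          # weak: in the wordlist
        "carol": ("0f0f0f", "Xq9!vT2#pL8@wZ"),   # not in the wordlist
    }
    return {
        user: (bytes.fromhex(salt), hash_password(pw, bytes.fromhex(salt)))
        for user, (salt, pw) in entries.items()
    }


# Constructed mini wordlist of common passwords.
WORDLIST = ["123456", "password", "letmein", "qwerty", "password123", "admin"]


def crack(db, wordlist=WORDLIST):
    """Return {user: recovered_password} for every hash matched by a wordlist entry.

    Each user has a distinct salt, so every candidate must be hashed once per
    user: the salt defeats precomputed tables but not a per-user dictionary attack.
    """
    found = {}
    for user, (salt, digest) in db.items():
        for candidate in wordlist:
            if hmac.compare_digest(hash_password(candidate, salt), digest):
                found[user] = candidate
                break
    return found


if __name__ == "__main__":
    print(crack(build_sample_db()))  # {'alice': 'password123', 'bob': 'letmein'}
```

The result tells you that alice and bob have weak passwords. It does not tell you that carol's password is strong: it was merely absent from this six-word list. That is why a clean cracking run is evidence against the specific attack tried, not a proof of password strength.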
  • 14. How to write Security test cases
    • Segregate test cases by role: for each role, list the operations it may and may not perform, so that every privilege boundary between roles is covered.
    • Write the negative scenarios for an event first (access denied, input rejected, session invalid) before taking up the positive scenarios; the negative cases are the ones that expose authorization and validation flaws.
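The following Python code is an added example (not part of the original slides) of generating security test cases the way the slide describes: a role-to-permission matrix is turned into test cases, negative cases (role must be denied) are listed before positive ones, and an unknown role is included as its own negative case. The permission matrix, operation names and the authorization functions are assumptions made for the example.

```python
from itertools import product

# Constructed permission model: which role may perform which operation.
PERMISSIONS = {
    "anonymous": {"view_public"},
    "user":      {"view_public", "view_own_profile", "edit_own_profile"},
    "admin":     {"view_public", "view_own_profile", "edit_own_profile",
                  "view_any_profile", "delete_user"},
}


def is_allowed(role: str, operation: str) -> bool:
    """Assumed authorization check under test: deny by default, unknown roles get nothing."""
    return operation in PERMISSIONS.get(role, set())


def buggy_is_allowed(role: str, operation: str) -> bool:
    """A deliberately broken check: it only asks whether the operation exists
    for *some* role, so every known operation is granted to everyone."""
    return any(operation in ops for ops in PERMISSIONS.values())


def generate_cases(permissions=PERMISSIONS):
    """Build (role, operation, expected_allowed) cases from the matrix.

    Negative cases come first, as the slide recommends, and a forged role
    that appears nowhere in the matrix must be denied every operation.
    """
    roles = sorted(permissions)
    ops = sorted({op for granted in permissions.values() for op in granted})
    negative = [(r, op, False) for r, op in product(roles, ops)
                if op not in permissions[r]]
    negative += [("forged_role", op, False) for op in ops]
    positive = [(r, op, True) for r, op in product(roles, ops)
                if op in permissions[r]]
    return negative + positive


def run_cases(check=is_allowed, permissions=PERMISSIONS):
    """Run every case against `check`; return the failures as (role, op, expected, got)."""
    failures = []
    for role, op, expected in generate_cases(permissions):
        got = check(role, op)
        if got != expected:
            failures.append((role, op, expected, got))
    return failures


if __name__ == "__main__":
    print("correct check failures:", run_cases(is_allowed))
    for f in run_cases(buggy_is_allowed):
        print("FAIL", f)   # every failure is a negative case: a privilege escalation
```

Running the cases against the broken check produces failures only on the negative cases, which is the point of writing them first: the positive cases all pass against code that grants everything, so on their own they would have reported the authorization layer as healthy.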
  • 15. Security Testing Tools
    • Nessus: network vulnerability scanner.
    • Nikto: web server scanner that looks for dangerous files, outdated server software and misconfigurations.
    • Gendarme: static analysis of .NET/Mono assemblies, including a set of security rules.
    • Flawfinder: static analysis of C/C++ source that flags potentially dangerous function calls.