Security testing
Published in: Technology
Transcript

  • 1. Baskar P
  • 2. Agenda
    • What is Security Testing
    • Purpose of Security Testing
    • Basic Security Testing Concepts
    • Security Testing Techniques
    • Security Testing Tools
  • 3. What is Security Testing
    • Security testing is a process to determine that an information system protects data and maintains functionality.
    • To check whether there is any information leakage.
    • To test whether the application allows unauthorized access and whether it has the encoded security code.
    • To find all the potential loopholes and weaknesses of the system.
  • 4. Purpose of Security Testing
    • The primary purpose of security testing is to identify vulnerabilities and subsequently repair them.
    • Security testing helps in improving the current system and also helps in ensuring that the system will work for a longer time.
    • Security testing helps in finding loopholes that can cause loss of important information.
  • 5.  
  • 6. Six basic security concepts
      • Confidentiality
      • Integrity
      • Authentication
      • Authorization
      • Availability
      • Non-repudiation
  • 7. Basic security concepts
    • Confidentiality
      • Ensuring information is accessible only to those with authorized access, and preventing information theft.
    • Integrity
      • A measure intended to allow the receiver to determine that the information being provided is correct.
    • Authentication
      • The process of establishing the identity of the user.
  • 8. Basic security concepts (Cont.)
    • Authorization
      • The process of determining that a requester is allowed to receive a service or perform an operation.
    • Availability
      • Assuring information and communications services will be ready for use when expected.
    • Non-repudiation
      • A measure intended to prevent the later denial that an action happened or that a communication took place.
  • 9. Security Testing Techniques
    • Main security testing techniques are:
      • Vulnerability Scanning
      • Security Scanning
      • Penetration Testing
      • Ethical Hacking
      • Risk Assessment
      • Security Auditing
      • Posture Assessment & Security Testing
      • Password cracking
  • 10.
    • Vulnerability Scanning
      • It involves scanning the application for all known vulnerabilities.
      • A vulnerability scanner is a computer program designed to assess computers, computer systems, networks or applications for weaknesses.
      • Generally done with vulnerability scanning software, e.g. Nessus, Sara, and ISS.
    • Security Scanning
      • Scanning and verification of the system and applications.
      • Finding weaknesses in the OS, applications and networks.
  • 11.
    • Penetration Testing
      • The tester tries to enter the application or system with the help of another application, or through a combination of loopholes that the application has unknowingly left open.
      • It is the most effective way to find potential loopholes in the application in practice.
    • Ethical Hacking
      • Ethical hacking involves a number of penetration tests, over the wide network, on the system under test. It is conducted by ethical hackers to find possible problems in the system.
  • 12.
    • Risk Assessment
      • A method of analyzing and deciding the risk, which depends on the type of loss and the probability of the loss occurring.
      • Risk assessment is carried out in the form of various interviews, discussions and analysis of the same.
    • Security Auditing
      • Security auditing involves hands-on internal inspection of operating systems and applications, often via line-by-line inspection of the code.
      • A security audit is a systematic evaluation of the security of a company's information system.
  • 13.
    • Posture Assessment and Security Testing
      • It combines Security Scanning, Ethical Hacking and Risk Assessments to show an overall Security Posture of the organization.
    • Password Cracking
      • Password cracking programs can be used to identify weak passwords.
      • Password cracking verifies that users are employing sufficiently strong passwords.
  • 14. How to write Security test cases
    • It is important to segregate test cases based on roles.
    • For a particular event, delve into the negative scenarios first, before taking up the positive scenarios.
  • 15. Security Testing Tools
    • Nessus
    • Nikto
    • Gendarme
    • Flawfinder
  • 16.  
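
The guidance on slide 14 (segregate test cases by role, negative scenarios first) can be turned into a generated test matrix. This is an added example, not part of the original slides; the roles, actions, `EXPECTED` table and both access-check functions are hypothetical stand-ins for a real system under test.

```python
from itertools import product

ACTIONS = ("read_report", "edit_report", "delete_report", "manage_users")

# Specification (hypothetical): what each role is meant to be able to do.
EXPECTED = {
    "anonymous": set(),
    "viewer": {"read_report"},
    "editor": {"read_report", "edit_report"},
    "admin": set(ACTIONS),
}
# Constructed role strings no real account should hold; every action must be denied.
UNKNOWN_ROLES = ("", "ADMIN", "admin ", "root")

def is_allowed(role, action):
    """Stand-in for the system under test: exact role match, deny by default."""
    return action in EXPECTED.get(role, set())

def lenient_is_allowed(role, action):
    """Flawed stand-in: normalises the role string before the lookup."""
    return action in EXPECTED.get(role.strip().lower(), set())

def build_cases():
    """One case per (role, action) pair, negative (must-deny) cases first."""
    cases = [(r, a, a in EXPECTED[r]) for r, a in product(EXPECTED, ACTIONS)]
    cases += [(r, a, False) for r, a in product(UNKNOWN_ROLES, ACTIONS)]
    return sorted(cases, key=lambda c: c[2])  # False sorts before True

def run(check):
    """Return failing cases as (role, action, expected, actual)."""
    return [(r, a, exp, check(r, a)) for r, a, exp in build_cases()
            if check(r, a) != exp]

if __name__ == "__main__":
    for name, check in (("strict", is_allowed), ("lenient", lenient_is_allowed)):
        failures = run(check)
        print(f"{name}: {len(failures)} failing case(s)")
        for role, action, exp, got in failures:
            print(f"  role={role!r} action={action} expected={exp} got={got}")
```

Only the negative cases for unknown role strings expose the flawed check; a suite built from positive scenarios alone would pass both implementations.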