Security testing
Transcript

  • 1. Baskar P
  • 2. Agenda
    • What is Security Testing
    • Purpose of Security Testing
    • Basic Security Testing Concepts
    • Security Testing Techniques
    • Security Testing Tools
  • 3. What is Security Testing
    • Security testing is a process to determine whether an information system protects data and maintains its intended functionality.
    • It checks whether there is any information leakage.
    • It tests whether the application permits unauthorized access and whether its security controls are correctly implemented in the code.
    • It aims to find all the potential loopholes and weaknesses of the system.
  • 4. Purpose of Security Testing
    • The primary purpose of security testing is to identify vulnerabilities and subsequently repair them.
    • Security testing helps in improving the current system and also helps in ensuring that the system will keep working for a longer time.
    • Security tests help in finding loopholes that can cause loss of important information.
  • 6. Six basic security concepts
      • Confidentiality
      • Integrity
      • Authentication
      • Authorization
      • Availability
      • Non-repudiation
  • 7. Basic security concepts
    • Confidentiality
    • Ensuring information is accessible only to those with authorized access, in order to prevent information theft.
    • Integrity
    • A measure intended to allow the receiver to determine that the information it is receiving is correct and unaltered.
    • Authentication
    • The process of establishing the identity of the user.
  • 8. Basic security concepts (Cont..)
    • Authorization
    • The process of determining that a requester is allowed to receive a service or perform an operation.
    • Availability
    • Assuring information and communications services will be ready for use when expected.
    • Non-repudiation
    • A measure intended to prevent the later denial that an action happened or that a communication took place.
  • 9. Security Testing Techniques
    • Main security testing techniques are:
      • Vulnerability Scanning
      • Security Scanning
      • Penetration Testing
      • Ethical Hacking
      • Risk Assessment
      • Security Auditing
      • Posture Assessment & Security Testing
      • Password cracking
  • 10.
    • Vulnerability Scanning
    • It involves scanning the application for all known vulnerabilities.
    • It is performed by a computer program designed to assess computers, computer systems, networks or applications for weaknesses.
    • Generally done with vulnerability scanning software, e.g. Nessus, SARA and ISS.
    • Security Scanning
    • Scanning and verification of the system and applications.
    • Find out the weaknesses in the OS, applications and networks.
  • 11.
    • Penetration Testing
    • The tester may try to enter the application / system with the help of some other application, or by combining loopholes that the application has unknowingly left open.
    • It is the most effective way to find potential loopholes in the application in practice.
    • Ethical Hacking
    • Ethical hacking involves a number of penetration tests over the wide network of the system under test. It is conducted by ethical hackers to find possible problems in the system.
  • 12.
    • Risk Assessment
    • A method of analyzing and deciding the risk, which depends upon the type of loss and the possibility / probability of the loss occurring.
    • Risk assessment is carried out in the form of various interviews, discussions and analysis of the same.
    • Security Auditing
    • Security auditing involves hands-on internal inspection of operating systems and applications, often via line-by-line inspection of the code.
    • A security audit is a systematic evaluation of the security of a company's information system.
  • 13.
    • Posture Assessment and Security Testing
    • It combines Security Scanning, Ethical Hacking and Risk Assessments to show an overall Security Posture of the organization.
    • Password Cracking
    • Password cracking programs can be used to identify weak passwords.
    • Password cracking verifies that users are employing sufficiently strong passwords.
  • 14. How to write Security test cases
    • It is important to segregate test cases based on roles.
    • For a particular event, we need to delve into the negative scenarios (access that must be denied) before taking up the positive scenarios (access that must be allowed).
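As an added example, not part of the slide deck: a hypothetical role/permission matrix for a web application, with test cases generated per role and the negative (deny) scenarios ordered before the positive ones, as the slide recommends. A deliberately flawed authorize function is included to show that it is the negative cases that catch the leak.

```python
# Added example: role-based security test cases, negatives first.
# The roles, actions and permission matrix below are constructed for this
# example and do not describe any real application.
ROLES = ("anonymous", "user", "auditor", "admin")
ACTIONS = ("view_report", "edit_report", "delete_report", "export_users")
ALLOWED = {
    "view_report": {"user", "auditor", "admin"},
    "edit_report": {"user", "admin"},
    "delete_report": {"admin"},
    "export_users": {"auditor", "admin"},
}


def authorize(role: str, action: str) -> bool:
    """Deny by default: unknown roles or unknown actions are never allowed."""
    return role in ALLOWED.get(action, set())


def leaky_authorize(role: str, action: str) -> bool:
    """Deliberately flawed: only checks that the caller is logged in."""
    return role != "anonymous"


def security_test_cases(roles=ROLES, actions=ACTIONS):
    """Return (action, role, expected) tuples, segregated by role,
    with every negative case for an action listed before its positives."""
    cases = []
    for action in actions:
        negatives = [(action, r, False) for r in roles if r not in ALLOWED[action]]
        positives = [(action, r, True) for r in roles if r in ALLOWED[action]]
        cases.extend(negatives + positives)
    return cases


def run_security_tests(authorize_fn=authorize):
    """Execute every case against authorize_fn; return [(case, passed)]."""
    results = []
    for action, role, expected in security_test_cases():
        passed = authorize_fn(role, action) == expected
        results.append(((action, role, expected), passed))
    return results


if __name__ == "__main__":
    for case, ok in run_security_tests(leaky_authorize):
        print("PASS" if ok else "FAIL", case)
```

Run against `leaky_authorize`, every positive case passes and only the negative cases fail, which is why they must be written first.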
  • 15. Security Testing Tools
    • Nessus
    • Nikto
    • Gendarme
    • Flawfinder