Security testing fundamentals

Security testing is deemed successful when the following attributes of an application are shown to be intact:
- Authentication
- Authorization
- Availability
- Confidentiality
- Integrity
- Non-Repudiation
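Authentication and authorization are easy to conflate when testing: a check that the caller is logged in does not establish that the caller may read the object requested. The Python example below is added here and is not part of the Cygnet Infotech presentation. It models a minimal in-memory document service in two versions, one that only authenticates and one that also authorizes, and runs the same black-box authorization test against both. The users, documents, roles and function names are constructed for illustration.

```python
# Added example, not from the Cygnet Infotech slides: a black-box
# authorization test against two versions of a document lookup.
# Users, documents, roles and function names are constructed for illustration.
from dataclasses import dataclass
from typing import Callable, Dict, FrozenSet, Optional


@dataclass(frozen=True)
class Session:
    """An authenticated caller: who they are and which roles they hold."""
    user: str
    roles: FrozenSet[str]


# Constructed sample data: document id -> (owner, body).
DOCS = {
    "doc-1": ("alice", "alice's quarterly report"),
    "doc-2": ("bob", "bob's salary letter"),
}


class Forbidden(Exception):
    pass


def get_document_vulnerable(session: Optional[Session], doc_id: str) -> str:
    """Authenticates (a session must exist) but never authorizes: any
    logged-in user can read any document by guessing its id, the classic
    broken object-level authorization flaw."""
    if session is None:
        raise Forbidden("not authenticated")
    return DOCS[doc_id][1]


def get_document_hardened(session: Optional[Session], doc_id: str) -> str:
    """Same lookup with an authorization check: the caller must own the
    document or hold the 'auditor' role. Unknown ids raise KeyError; note
    that answering 'not found' and 'forbidden' differently reveals whether
    an id exists, which a stricter service hides by returning one error."""
    if session is None:
        raise Forbidden("not authenticated")
    owner, body = DOCS[doc_id]
    if session.user != owner and "auditor" not in session.roles:
        raise Forbidden(f"{session.user} may not read {doc_id}")
    return body


def authz_test(fetch: Callable[[Optional[Session], str], str]) -> Dict[str, bool]:
    """Run a fixed set of requests against `fetch` and report, per case,
    whether the observed allow/deny outcome matched the expected one."""
    alice = Session("alice", frozenset())
    auditor = Session("carol", frozenset({"auditor"}))
    # case name -> (caller, document, should this be allowed?)
    cases = {
        "owner_reads_own": (alice, "doc-1", True),
        "cross_user_read": (alice, "doc-2", False),
        "auditor_reads_any": (auditor, "doc-2", True),
        "unauthenticated": (None, "doc-1", False),
    }
    results = {}
    for name, (caller, doc_id, expected_allowed) in cases.items():
        try:
            fetch(caller, doc_id)
            allowed = True
        except Forbidden:
            allowed = False
        results[name] = allowed == expected_allowed
    return results


if __name__ == "__main__":
    for impl in (get_document_vulnerable, get_document_hardened):
        print(impl.__name__, authz_test(impl))
```

Running `authz_test(get_document_vulnerable)` reports the `cross_user_read` case as failed, because any authenticated user can read any document by id; the hardened version passes all four cases. The `unauthenticated` case checks the Authentication attribute, the other three check Authorization, and the same harness can be pointed at a real HTTP client instead of the in-memory functions.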
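Integrity and non-repudiation, two of the attributes listed above, are often checked with the same tool but are different properties. A MAC under a key shared by sender and receiver shows that nobody without the key altered the message, yet either holder of the key could have produced the tag, so the sender can still deny sending it. Non-repudiation needs a key that only the sender holds. The Python example below is added here and is not from the original presentation; it uses the standard library only, with an HMAC for integrity and a Lamport one-time signature (hash-based, so no third-party crypto package is required) for non-repudiation. Keys, messages and function names are constructed for illustration.

```python
# Added example, not from the Cygnet Infotech slides: integrity via HMAC
# versus non-repudiation via a Lamport one-time signature, standard library
# only. Keys, messages and function names are constructed for illustration.
import hashlib
import hmac
import secrets
from typing import Dict, List, Tuple

Pair = Tuple[bytes, bytes]


# --- Integrity: a MAC under a key shared by sender and receiver -----------
def mac(key: bytes, message: bytes) -> bytes:
    return hmac.new(key, message, hashlib.sha256).digest()


def mac_verify(key: bytes, message: bytes, tag: bytes) -> bool:
    # compare_digest keeps the comparison constant-time
    return hmac.compare_digest(mac(key, message), tag)


# --- Non-repudiation: Lamport signature, private key held by sender only ---
def lamport_keygen() -> Tuple[List[Pair], List[Pair]]:
    """Private key: 256 pairs of random 32-byte secrets, one pair per digest
    bit. Public key: the SHA-256 hash of each secret."""
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    pk = [(hashlib.sha256(a).digest(), hashlib.sha256(b).digest()) for a, b in sk]
    return sk, pk


def _digest_bits(message: bytes) -> List[int]:
    d = hashlib.sha256(message).digest()
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]


def lamport_sign(sk: List[Pair], message: bytes) -> List[bytes]:
    # Reveal, for each bit of the digest, the secret selected by that bit.
    # A private key must sign only one message: each signature leaks half of it.
    return [sk[i][bit] for i, bit in enumerate(_digest_bits(message))]


def lamport_verify(pk: List[Pair], message: bytes, sig: List[bytes]) -> bool:
    if len(sig) != 256:
        return False
    return all(
        hashlib.sha256(s).digest() == pk[i][bit]
        for i, (s, bit) in enumerate(zip(sig, _digest_bits(message)))
    )


def repudiation_demo() -> Dict[str, bool]:
    """Sender and receiver share the HMAC key; only the sender has sk.
    Returns what each mechanism does and does not let the receiver prove."""
    shared = secrets.token_bytes(32)
    sk, pk = lamport_keygen()
    original = b"transfer 100 to bob"
    tag = mac(shared, original)
    sig = lamport_sign(sk, original)

    # The receiver, who also holds the shared key, fabricates a message.
    forged = b"transfer 1000 to bob"
    forged_tag = mac(shared, forged)

    return {
        "mac_verifies": mac_verify(shared, original, tag),
        "mac_detects_tamper": not mac_verify(shared, forged, tag),
        # A valid tag on the fabricated message: since the receiver could have
        # produced it, the sender can deny having sent any tagged message.
        "receiver_can_forge_mac": mac_verify(shared, forged, forged_tag),
        "sig_verifies": lamport_verify(pk, original, sig),
        # Without sk the receiver cannot sign; replaying the old signature on
        # the new message fails because the digest bits differ.
        "receiver_can_forge_sig": lamport_verify(pk, forged, sig),
    }


if __name__ == "__main__":
    print(repudiation_demo())
```

The Lamport key is single-use: signing a second message with the same private key reveals more of the secrets and lets a forger combine the two signatures, so production systems use RSA, ECDSA or Ed25519 from a vetted library. The distinction the demo makes holds for those too: `receiver_can_forge_mac` is True while `receiver_can_forge_sig` is False, which is exactly the gap between an integrity check and non-repudiation.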

Testing must start early to minimize defects and the cost of quality. Security testing must start right from the Requirements Gathering phase to make sure that the quality of the end product is high.

The aim is to ensure that no unforeseen action, whether intentional or unintentional, halts or delays the system.


Security testing fundamentals

  1. Security Testing Fundamentals. Presented by Cygnet Infotech Pvt. Ltd.
  2. Overview
     - Security Testing is deemed successful when the below attributes of an application are intact: Authentication, Authorization, Availability, Confidentiality, Integrity, Non-Repudiation.
  3. Authentication
     - To confirm that something or someone is authentic, i.e. true to its claims.
     - The digital identity of a user is validated.
  4. Authorization
     - To ensure that a person/program is authorized to see the contents of, or make changes in, an application.
     - User/Access rights are
  5. Availability
     - To ensure that an application is up and running, with its services and information available as and when needed.
     - The number of failures is reduced and backups are kept.
  6. Confidentiality
     - To make sure that the information and services are available only when requested by, and for, the intended users.
     - Penetration testing is done and defects are
  7. Integrity
     - To ensure that the service provides the user with correct information.
     - It is also essential to make sure that no obsolete or outdated information is
  8. Non-repudiation
     - To ensure that the message was sent and received by authentic users only.
     - The sender/receiver must not be able to deny their
  9. When to start Security Testing?
     - In general, testing must start early to minimize defects and the cost of quality.
     - Security testing must start right from the Requirements Gathering phase to make sure that the quality of the end product is high.
     - This is to ensure that any intentional/unintentional unforeseen action does not halt or delay the system.
  10. SDLC and Security Testing (SDLC phase: security testing activity for that phase)
     - Requirements Gathering: Security Requirements Study
     - Design: Develop Security Test Plan
     - Development/Unit Testing: White box Security Testing
     - Integration Testing: Black box Security Testing
     - System Testing: Vulnerability Scanning
     - Deployment: Penetration Testing
     - Support/Maintenance: Post-production
  11. Security Testing Types
     - Vulnerability Scanning: scanning a system to find vulnerable signatures and loopholes.
     - Penetration Testing: an attack from a hacker is simulated on the system.
     - Ethical Hacking: the system is attacked from within to expose all the security flaws in the system.
     - Risk Assessment: observing the security risks in the system and classifying them as high, medium and low.
     - Security Scanning: network/system weaknesses are studied, analyzed and fixed.
     - Security Review: checking that security standards have been implemented appropriately, through gap analysis and code/design reviews.
  12. About Cygnet Infotech
     - We are a global IT services & solutions provider.
     - We provide custom software development services across technologies and domains to our clients in over 23 countries.
     - We are ISO 9001, ISO 27001 and CMMi Level
  13. Enterprise QA & Software Testing
     - We provide the following testing services: Functional Testing, Performance Testing, Load Testing, Automated Testing, Security Testing, Mobile
  14. Contact Us
     - Twitter: @cygnetinfotech
     - Skype: cygnet-infotech-pvt-ltd