Security Testing Fundamentals
Presented by Cygnet Infotech Pvt. Ltd.
Overview
• Security Testing is deemed successful when the
following attributes of an application are intact
• Authentication
• Authorization
• Availability
• Confidentiality
• Integrity
• Non-Repudiation
www.cygnet-infotech.com
Authentication
• To confirm that something or someone is
authentic – true to the claims.
• The digital identity of a user is validated and
verified.
Authorization
• To ensure that a person/program is authorized to
see the contents or make changes in an
application.
• User/Access rights are used.
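What the authorization attribute looks like in a test is easiest to see in code. The block below is an added example, not part of the Cygnet Infotech slides: a tiny document service in two versions (one that only checks that a user is logged in, one that also checks access rights), and the positive and negative cases a security tester would run against both. All users, roles and documents are constructed sample data.

```python
"""Added example (not from the Cygnet Infotech slides): a minimal document
service with an access check, and the positive and negative cases a security
test for authorization runs against it. Users, roles and documents are
constructed sample data."""

from dataclasses import dataclass


@dataclass(frozen=True)
class User:
    name: str
    role: str   # constructed roles: "member" or "admin"


@dataclass
class Document:
    doc_id: int
    owner: str
    body: str


class AccessDenied(Exception):
    """Raised for every request the caller may not see, including requests
    for documents that do not exist, so the response does not reveal which
    document ids are in use."""


# Constructed store: each member owns one document.
DOCUMENTS = {
    1: Document(1, "alice", "alice's quarterly notes"),
    2: Document(2, "bob", "bob's draft contract"),
}


def read_document_unchecked(user, doc_id):
    """Authentication only: any logged-in user can read any document.
    This is the defect an authorization test is written to catch."""
    return DOCUMENTS[doc_id].body


def read_document(user, doc_id):
    """Authorization enforced: the owner or an admin may read, nobody else."""
    doc = DOCUMENTS.get(doc_id)
    if doc is None or (user.role != "admin" and doc.owner != user.name):
        raise AccessDenied(f"{user.name} may not read document {doc_id}")
    return doc.body


def authorization_cases(read_fn):
    """Run the cases a security test plan lists for the authorization
    attribute and return a dict of case name -> passed. Positive cases check
    that legitimate access still works; negative cases check that
    illegitimate access is refused."""
    alice = User("alice", "member")
    bob = User("bob", "member")
    admin = User("carol", "admin")
    results = {
        "owner_can_read": read_fn(alice, 1) == DOCUMENTS[1].body,
        "admin_can_read": read_fn(admin, 2) == DOCUMENTS[2].body,
    }
    for case, user, doc_id in [
        ("other_member_denied", bob, 1),
        ("missing_document_denied", alice, 99),
    ]:
        try:
            read_fn(user, doc_id)
            results[case] = False   # data came back: access was not refused
        except AccessDenied:
            results[case] = True
        except KeyError:
            results[case] = False   # crashed instead of refusing: also a failure
    return results


if __name__ == "__main__":
    for name, fn in [("unchecked", read_document_unchecked), ("checked", read_document)]:
        print(name, authorization_cases(fn))
```

The negative cases are the ones that distinguish a security test from a functional test: a functional suite proves the owner can read, a security suite also proves that a different member cannot, and that a missing id is refused the same way as a forbidden one rather than producing a crash that leaks which ids exist.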
Availability
• To ensure that an application is up and running; its
services and information available as and when
needed.
• The number of failures is reduced and backups are
kept ready.
Confidentiality
• To make sure that the information and services
are available only when requested by and for
intended users.
• Penetration testing is done and defects are fixed.
Integrity
• To ensure that the service provides the user with
correct information.
• It is also essential to make sure that no obsolete
or outdated information is presented.
Non-repudiation
• To ensure that the message was sent and received
by authentic users only.
• The sender/receiver must not be able to deny
their involvement.
When to start Security Testing?
• In general, testing must start early to minimize
defects and cost of quality.
• Security testing must start right from the
Requirements Gathering phase to make sure that
the quality of end-product is high.
• This ensures that no intentional or unintentional,
unforeseen action halts or delays the system.
SDLC and Security Testing
• Requirements Gathering – Security Requirements Study
• Design – Develop Security Test Plan
• Development/Unit Testing – White box Security Testing
• Integration Testing – Black box Security Testing
• System Testing – Vulnerability Scanning
• Deployment – Penetration Testing
• Support/Maintenance – Post-production analysis
Security Testing Types
Vulnerability Scanning
• Scanning a system to find vulnerable signatures and
loopholes.
Penetration Testing
• An attack from a hacker is simulated on the system.
Ethical Hacking
• The system is attacked from within to expose all the
security flaws in the system.
Risk Assessment
• Observing the security risks in the system and
classifying them as high, medium or low.
Security Scanning
• Network/system weaknesses are studied, analyzed and
fixed.
Security Review
• To check that security standards have been
implemented appropriately through gap analysis and
code/design reviews.
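The vulnerability scanning and risk assessment types above both reduce to mechanics that fit in a short script: match what a system reports about itself against a list of known-vulnerable signatures, then rate each hit. The block below is an added example, not part of the Cygnet Infotech slides. Product names, version numbers, hosts, signatures and the impact/likelihood scale are all constructed for illustration and describe no real product or real vulnerability; it also goes slightly beyond the slide by showing why version numbers must be compared numerically rather than as strings.

```python
"""Added example (not from the Cygnet Infotech slides): the signature-matching
core of a vulnerability scanner run over constructed service banners, with
each finding classified high/medium/low the way the risk assessment slide
describes. Product names, versions, hosts and signatures are all constructed
for illustration; they describe no real product or real vulnerability."""

import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Signature:
    product: str
    last_vulnerable: tuple   # every version <= this tuple is flagged
    impact: int              # constructed 1..3 scale
    likelihood: int          # constructed 1..3 scale
    note: str


# Constructed signature database: hypothetical products and fix versions.
SIGNATURES = [
    Signature("ExampleHTTPd", (2, 4, 1), 3, 3, "remote code execution, fixed in 2.4.2"),
    Signature("ExampleFTP", (1, 0, 9), 2, 2, "anonymous upload, fixed in 1.1.0"),
    Signature("ExampleMail", (3, 2, 0), 1, 2, "verbose error messages, fixed in 3.2.1"),
]

# Constructed banner format: "<host>:<port> <Product>/<version> [extra text]".
BANNER_RE = re.compile(
    r"^(?P<host>\S+):(?P<port>\d+)\s+(?P<product>[A-Za-z]+)/(?P<version>\d+(?:\.\d+)*)"
)

# Constructed scan input: what a banner grab of a lab network might return.
BANNERS = [
    "10.0.0.5:80 ExampleHTTPd/2.4.1 (Unix)",
    "10.0.0.5:21 ExampleFTP/1.1.0",
    "10.0.0.7:80 ExampleHTTPd/2.4.10",
    "10.0.0.9:25 ExampleMail/3.1.7 ESMTP ready",
    "10.0.0.9:22 unrecognised banner text",
]


def parse_version(text):
    """'2.4.10' -> (2, 4, 10). Tuples compare numerically, so 2.4.10 is
    correctly newer than 2.4.1; a plain string comparison would get this wrong."""
    return tuple(int(part) for part in text.split("."))


def classify(impact, likelihood):
    """Risk rating from an impact x likelihood product (constructed thresholds)."""
    score = impact * likelihood
    if score >= 6:
        return "high"
    if score >= 3:
        return "medium"
    return "low"


def scan(banners):
    """Match each parseable banner against the signature list and return one
    finding per hit. Unparseable banners are skipped rather than guessed at."""
    findings = []
    for line in banners:
        match = BANNER_RE.match(line)
        if match is None:
            continue
        version = parse_version(match["version"])
        for sig in SIGNATURES:
            if sig.product == match["product"] and version <= sig.last_vulnerable:
                findings.append({
                    "host": match["host"],
                    "port": int(match["port"]),
                    "product": sig.product,
                    "version": match["version"],
                    "severity": classify(sig.impact, sig.likelihood),
                    "note": sig.note,
                })
    return findings


if __name__ == "__main__":
    for finding in scan(BANNERS):
        print(f"{finding['severity']:<6} {finding['host']}:{finding['port']} "
              f"{finding['product']}/{finding['version']} - {finding['note']}")
```

Run as written, the scan flags the ExampleHTTPd 2.4.1 host as high and the ExampleMail 3.1.7 host as low, leaves the patched ExampleFTP 1.1.0 and ExampleHTTPd 2.4.10 services alone, and ignores the banner it cannot parse. A real scanner differs mainly in the size of its signature database and in how it obtains the banners; the classification step is what feeds the high/medium/low rating used in the risk assessment.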
About Cygnet Infotech
• We are a global IT services & solutions provider.
• We provide custom software development services
across technologies and domains to our clients in
over 23 countries.
• We are ISO 9001, ISO 27001 and CMMi Level III
Certified
Enterprise QA & Software Testing
• We provide the following testing services
• Functional Testing
• Performance Testing
• Load Testing
• Automated Testing
• Security Testing
• Mobile Testing
Contact Us
• Email: info@cygnet-infotech.com
• Twitter: @cygnetinfotech
• Skype: cygnet-infotech-pvt-ltd