SlideShare a Scribd company logo

Security testing fundamentals

Download as PPTX, PDF
Cygnet Infotech
Cygnet Infotech

Security Testing is deemed successful when the below attributes of an application are intact - Authentication - Authorization - Availability - Confidentiality - Integrity - Non-Repudiation Testing must start early to minimize defects and cost of quality. Security testing must start right from the Requirements Gathering phase to make sure that the quality of end-product is high. This is to ensure that any intentional/unintentional unforeseen action does not halt or delay the system.

Technology
1 of 14
Security Testing Fundamentals Presented by Cygnet Infotech Pvt. Ltd.
Overview • Security Testing is deemed successful when the below attributes of an application are intact • Authentication • Authorization • Availability • Confidentiality • Integrity • Non-Repudiation www.cygnet-infotech.com
Authentication • To confirm that something or someone is authentic – true to the claims. • The digital identity of a user is validated and verified. www.cygnet-infotech.com
Authorization • To ensure that a person/program is authorized to see the contents or make changes in an application. • User/Access rights are used. www.cygnet-infotech.com
Availability • To ensure that an application is up and running; its services and information available as and when needed. • Number of failures are reduced and backups are kept ready. www.cygnet-infotech.com
Confidentiality • To make sure that the information and services are available only when requested by and for intended users. • Penetration testing is done and defects are fixed. www.cygnet-infotech.com
Integrity • To ensure that the service provides the user with correct information. • It is also essential to make sure that no obsolete or outdated information is presented. www.cygnet-infotech.com
Non-repudiation • To ensure that the message was sent and received by authentic users only. • The sender/receiver must not be able to deny their involvement. www.cygnet-infotech.com
When to start Security Testing? • In general, testing must start early to minimize defects and cost of quality. • Security testing must start right from the Requirements Gathering phase to make sure that the quality of end-product is high. • This is to ensure that any intentional/unintentional unforeseen action does not halt or delay the system. www.cygnet-infotech.com
SDLC and Security Testing • Requirements Gathering • Design • Development/Unit Testing • Integration Testing • System Testing • Deployment • Support/Maintenance • Security Requirements Study • Develop Security Test Plan • White box Security Testing • Black box Security Testing • Vulnerability Scanning • Penetration Testing • Post-production analysis www.cygnet-infotech.com
Security Testing Types www.cygnet-infotech.com Vulnerability Scanning •Scanning a system to find vulnerable signatures and loopholes. Penetration Testing •An attack from a hacker is simulated on the system. Ethical Hacking •The system is attacked from within to expose all the security flaws in the system. Risk Assessment •Observing the security risks in the system, classifying them as high, medium and low. Security Scanning •Network/system weakness are studies, analyzed and fixed. Security Review •To check that security standards have been implemented appropriately through gap analysis and code/design reviews.
About Cygnet Infotech • We are a global IT services & solutions provider. • We provide custom software development services across technologies and domains to our clients in over 23 countries. • We are ISO 9001, ISO 27001 and CMMi Level III Certified www.cygnet-infotech.com
Enterprise QA & Software Testing • We provide following testing services • Functional Testing • Performance Testing • Load Testing • Automated Testing • Security Testing • Mobile Testing www.cygnet-infotech.com
Contact Us • Email: info@cygnet-infotech.com • Twitter: @cygnetinfotech • Skype: cygnet-infotech-pvt-ltd

Recommended

Security testing
Security testingSecurity testing
Security testingTabăra de Testare
 
Security testing presentation
Security testing presentationSecurity testing presentation
Security testing presentationConfiz
 
Security testing
Security testingSecurity testing
Security testingKhizra Sammad
 
Security Testing for Web Application
Security Testing for Web ApplicationSecurity Testing for Web Application
Security Testing for Web ApplicationPrecise Testing Solution
 
Security Testing
Security TestingSecurity Testing
Security TestingQualitest
 
What is security testing and why it is so important?
What is security testing and why it is so important?What is security testing and why it is so important?
What is security testing and why it is so important?ONE BCG
 
Security testing
Security testingSecurity testing
Security testingbaskar p
 
Security testing
Security testingSecurity testing
Security testingRihab Chebbah
 

Recommended

Security testing
Security testingSecurity testing
Security testingTabăra de Testare
 
Security testing presentation
Security testing presentationSecurity testing presentation
Security testing presentationConfiz
 
Security testing
Security testingSecurity testing
Security testingKhizra Sammad
 
Security Testing for Web Application
Security Testing for Web ApplicationSecurity Testing for Web Application
Security Testing for Web ApplicationPrecise Testing Solution
 
Security Testing
Security TestingSecurity Testing
Security TestingQualitest
 
What is security testing and why it is so important?
What is security testing and why it is so important?What is security testing and why it is so important?
What is security testing and why it is so important?ONE BCG
 
Security testing
Security testingSecurity testing
Security testingbaskar p
 
Security testing
Security testingSecurity testing
Security testingRihab Chebbah
 
Security Testing for Test Professionals
Security Testing for Test ProfessionalsSecurity Testing for Test Professionals
Security Testing for Test ProfessionalsTechWell
 
Security Testing
Security TestingSecurity Testing
Security TestingKiran Kumar
 
Security Testing.pptx
Security Testing.pptxSecurity Testing.pptx
Security Testing.pptxosandadeshan
 
Penetration Testing Basics
Penetration Testing BasicsPenetration Testing Basics
Penetration Testing BasicsRick Wanner
 
Web application security & Testing
Web application security & TestingWeb application security & Testing
Web application security & TestingDeepu S Nath
 
Api security-testing
Api security-testingApi security-testing
Api security-testingn|u - The Open Security Community
 
Introduction to Web Application Penetration Testing
Introduction to Web Application Penetration TestingIntroduction to Web Application Penetration Testing
Introduction to Web Application Penetration TestingAnurag Srivastava
 
Security Testing Training With Examples
Security Testing Training With ExamplesSecurity Testing Training With Examples
Security Testing Training With ExamplesAlwin Thayyil
 
Vulnerability Assessment Report
Vulnerability Assessment ReportVulnerability Assessment Report
Vulnerability Assessment ReportHarshit Singh Bhatia
 
Penetration Testing
Penetration Testing Penetration Testing
Penetration Testing RomSoft SRL
 
Penetration testing & Ethical Hacking
Penetration testing & Ethical HackingPenetration testing & Ethical Hacking
Penetration testing & Ethical HackingS.E. CTS CERT-GOV-MD
 
Secure Coding 101 - OWASP University of Ottawa Workshop
Secure Coding 101 - OWASP University of Ottawa WorkshopSecure Coding 101 - OWASP University of Ottawa Workshop
Secure Coding 101 - OWASP University of Ottawa WorkshopPaul Ionescu
 
Introduction to Web Application Penetration Testing
Introduction to Web Application Penetration TestingIntroduction to Web Application Penetration Testing
Introduction to Web Application Penetration TestingNetsparker
 
OWASP API Security Top 10 - API World
OWASP API Security Top 10 - API WorldOWASP API Security Top 10 - API World
OWASP API Security Top 10 - API World42Crunch
 
OWASP Top 10 2021 What's New
OWASP Top 10 2021 What's NewOWASP Top 10 2021 What's New
OWASP Top 10 2021 What's NewMichael Furman
 
Introduction To OWASP
Introduction To OWASPIntroduction To OWASP
Introduction To OWASPMarco Morana
 
SAST vs. DAST: What’s the Best Method For Application Security Testing?
SAST vs. DAST: What’s the Best Method For Application Security Testing?SAST vs. DAST: What’s the Best Method For Application Security Testing?
SAST vs. DAST: What’s the Best Method For Application Security Testing?Cigital
 
Vulnerabilities in modern web applications
Vulnerabilities in modern web applicationsVulnerabilities in modern web applications
Vulnerabilities in modern web applicationsNiyas Nazar
 
OWASP Top 10 2021 Presentation (Jul 2022)
OWASP Top 10 2021 Presentation (Jul 2022)OWASP Top 10 2021 Presentation (Jul 2022)
OWASP Top 10 2021 Presentation (Jul 2022)TzahiArabov
 
Introduction To Vulnerability Assessment & Penetration Testing
Introduction To Vulnerability Assessment & Penetration TestingIntroduction To Vulnerability Assessment & Penetration Testing
Introduction To Vulnerability Assessment & Penetration TestingRaghav Bisht
 
Monitoring and Reporting on IBM i Compliance and Security
Monitoring and Reporting on IBM i Compliance and SecurityMonitoring and Reporting on IBM i Compliance and Security
Monitoring and Reporting on IBM i Compliance and SecurityPrecisely
 
It security cognic_systems
It security cognic_systemsIt security cognic_systems
It security cognic_systemsCognic Systems Pvt Ltd
 

More Related Content

What's hot

Security Testing for Test Professionals
Security Testing for Test ProfessionalsSecurity Testing for Test Professionals
Security Testing for Test ProfessionalsTechWell
 
Security Testing
Security TestingSecurity Testing
Security TestingKiran Kumar
 
Security Testing.pptx
Security Testing.pptxSecurity Testing.pptx
Security Testing.pptxosandadeshan
 
Penetration Testing Basics
Penetration Testing BasicsPenetration Testing Basics
Penetration Testing BasicsRick Wanner
 
Web application security & Testing
Web application security & TestingWeb application security & Testing
Web application security & TestingDeepu S Nath
 
Introduction to Web Application Penetration Testing
Introduction to Web Application Penetration TestingIntroduction to Web Application Penetration Testing
Introduction to Web Application Penetration TestingAnurag Srivastava
 
Security Testing Training With Examples
Security Testing Training With ExamplesSecurity Testing Training With Examples
Security Testing Training With ExamplesAlwin Thayyil
 
Penetration Testing
Penetration Testing Penetration Testing
Penetration Testing RomSoft SRL
 
Penetration testing & Ethical Hacking
Penetration testing & Ethical HackingPenetration testing & Ethical Hacking
Penetration testing & Ethical HackingS.E. CTS CERT-GOV-MD
 
Secure Coding 101 - OWASP University of Ottawa Workshop
Secure Coding 101 - OWASP University of Ottawa WorkshopSecure Coding 101 - OWASP University of Ottawa Workshop
Secure Coding 101 - OWASP University of Ottawa WorkshopPaul Ionescu
 
Introduction to Web Application Penetration Testing
Introduction to Web Application Penetration TestingIntroduction to Web Application Penetration Testing
Introduction to Web Application Penetration TestingNetsparker
 
OWASP API Security Top 10 - API World
OWASP API Security Top 10 - API WorldOWASP API Security Top 10 - API World
OWASP API Security Top 10 - API World42Crunch
 
OWASP Top 10 2021 What's New
OWASP Top 10 2021 What's NewOWASP Top 10 2021 What's New
OWASP Top 10 2021 What's NewMichael Furman
 
Introduction To OWASP
Introduction To OWASPIntroduction To OWASP
Introduction To OWASPMarco Morana
 
SAST vs. DAST: What’s the Best Method For Application Security Testing?
SAST vs. DAST: What’s the Best Method For Application Security Testing?SAST vs. DAST: What’s the Best Method For Application Security Testing?
SAST vs. DAST: What’s the Best Method For Application Security Testing?Cigital
 
Vulnerabilities in modern web applications
Vulnerabilities in modern web applicationsVulnerabilities in modern web applications
Vulnerabilities in modern web applicationsNiyas Nazar
 
OWASP Top 10 2021 Presentation (Jul 2022)
OWASP Top 10 2021 Presentation (Jul 2022)OWASP Top 10 2021 Presentation (Jul 2022)
OWASP Top 10 2021 Presentation (Jul 2022)TzahiArabov
 
Introduction To Vulnerability Assessment & Penetration Testing
Introduction To Vulnerability Assessment & Penetration TestingIntroduction To Vulnerability Assessment & Penetration Testing
Introduction To Vulnerability Assessment & Penetration TestingRaghav Bisht
 

What's hot (20)

Security Testing for Test Professionals
Security Testing for Test ProfessionalsSecurity Testing for Test Professionals
Security Testing for Test Professionals
 
Security Testing
Security TestingSecurity Testing
Security Testing
 
Security Testing.pptx
Security Testing.pptxSecurity Testing.pptx
Security Testing.pptx
 
Penetration Testing Basics
Penetration Testing BasicsPenetration Testing Basics
Penetration Testing Basics
 
Web application security & Testing
Web application security & TestingWeb application security & Testing
Web application security & Testing
 
Api security-testing
Api security-testingApi security-testing
Api security-testing
 
Introduction to Web Application Penetration Testing
Introduction to Web Application Penetration TestingIntroduction to Web Application Penetration Testing
Introduction to Web Application Penetration Testing
 
Security Testing Training With Examples
Security Testing Training With ExamplesSecurity Testing Training With Examples
Security Testing Training With Examples
 
Vulnerability Assessment Report
Vulnerability Assessment ReportVulnerability Assessment Report
Vulnerability Assessment Report
 
Penetration Testing
Penetration Testing Penetration Testing
Penetration Testing
 
Penetration testing & Ethical Hacking
Penetration testing & Ethical HackingPenetration testing & Ethical Hacking
Penetration testing & Ethical Hacking
 
Secure Coding 101 - OWASP University of Ottawa Workshop
Secure Coding 101 - OWASP University of Ottawa WorkshopSecure Coding 101 - OWASP University of Ottawa Workshop
Secure Coding 101 - OWASP University of Ottawa Workshop
 
Introduction to Web Application Penetration Testing
Introduction to Web Application Penetration TestingIntroduction to Web Application Penetration Testing
Introduction to Web Application Penetration Testing
 
OWASP API Security Top 10 - API World
OWASP API Security Top 10 - API WorldOWASP API Security Top 10 - API World
OWASP API Security Top 10 - API World
 
OWASP Top 10 2021 What's New
OWASP Top 10 2021 What's NewOWASP Top 10 2021 What's New
OWASP Top 10 2021 What's New
 
Introduction To OWASP
Introduction To OWASPIntroduction To OWASP
Introduction To OWASP
 
SAST vs. DAST: What’s the Best Method For Application Security Testing?
SAST vs. DAST: What’s the Best Method For Application Security Testing?SAST vs. DAST: What’s the Best Method For Application Security Testing?
SAST vs. DAST: What’s the Best Method For Application Security Testing?
 
Vulnerabilities in modern web applications
Vulnerabilities in modern web applicationsVulnerabilities in modern web applications
Vulnerabilities in modern web applications
 
OWASP Top 10 2021 Presentation (Jul 2022)
OWASP Top 10 2021 Presentation (Jul 2022)OWASP Top 10 2021 Presentation (Jul 2022)
OWASP Top 10 2021 Presentation (Jul 2022)
 
Introduction To Vulnerability Assessment & Penetration Testing
Introduction To Vulnerability Assessment & Penetration TestingIntroduction To Vulnerability Assessment & Penetration Testing
Introduction To Vulnerability Assessment & Penetration Testing
 

Similar to Security testing fundamentals

Monitoring and Reporting on IBM i Compliance and Security
Monitoring and Reporting on IBM i Compliance and SecurityMonitoring and Reporting on IBM i Compliance and Security
Monitoring and Reporting on IBM i Compliance and SecurityPrecisely
 
Network Security, Change Control, Outsourcing
Network Security, Change Control, OutsourcingNetwork Security, Change Control, Outsourcing
Network Security, Change Control, OutsourcingNicholas Davis
 
Network security, change control, outsourcing
Network security, change control, outsourcingNetwork security, change control, outsourcing
Network security, change control, outsourcingNicholas Davis
 
Top Security Challenges Facing Credit Unions Today
Top Security Challenges Facing Credit Unions TodayTop Security Challenges Facing Credit Unions Today
Top Security Challenges Facing Credit Unions TodayChris Gates
 
Assessing System Risk the Smart Way
Assessing System Risk the Smart WayAssessing System Risk the Smart Way
Assessing System Risk the Smart WaySecurity Innovation
 
Definitive Security Testing Checklist Shielding Your Applications against Cyb...
Definitive Security Testing Checklist Shielding Your Applications against Cyb...Definitive Security Testing Checklist Shielding Your Applications against Cyb...
Definitive Security Testing Checklist Shielding Your Applications against Cyb...Knoldus Inc.
 
AppSec in an Agile World
AppSec in an Agile WorldAppSec in an Agile World
AppSec in an Agile WorldDavid Lindner
 
Chapter-2-Control-Audit-Security-ioenotes.pptx
Chapter-2-Control-Audit-Security-ioenotes.pptxChapter-2-Control-Audit-Security-ioenotes.pptx
Chapter-2-Control-Audit-Security-ioenotes.pptxToxicHawk
 
Avoid outages-from-misconfigured-devices-webinar-slides
Avoid outages-from-misconfigured-devices-webinar-slidesAvoid outages-from-misconfigured-devices-webinar-slides
Avoid outages-from-misconfigured-devices-webinar-slidesAlgoSec
 
CISM_WK_3.pptx
CISM_WK_3.pptxCISM_WK_3.pptx
CISM_WK_3.pptxdotco
 
Software security engineering
Software security engineeringSoftware security engineering
Software security engineeringaizazhussain234
 
Ryan Elkins - Simple Security Defense to Thwart an Army of Cyber Ninja Warriors
Ryan Elkins - Simple Security Defense to Thwart an Army of Cyber Ninja WarriorsRyan Elkins - Simple Security Defense to Thwart an Army of Cyber Ninja Warriors
Ryan Elkins - Simple Security Defense to Thwart an Army of Cyber Ninja WarriorsRyan Elkins
 
crisc_wk_5.pptx
crisc_wk_5.pptxcrisc_wk_5.pptx
crisc_wk_5.pptxdotco
 
Application Security Testing for Software Engineers: An approach to build sof...
Application Security Testing for Software Engineers: An approach to build sof...Application Security Testing for Software Engineers: An approach to build sof...
Application Security Testing for Software Engineers: An approach to build sof...Michael Hidalgo
 
Owasp Proactive Controls for Web developer
Owasp Proactive Controls for Web developerOwasp Proactive Controls for Web developer
Owasp Proactive Controls for Web developerSameer Paradia
 
Defcon 22-tim-mcguffin-one-man-shop
Defcon 22-tim-mcguffin-one-man-shopDefcon 22-tim-mcguffin-one-man-shop
Defcon 22-tim-mcguffin-one-man-shopPriyanka Aash
 
Software Security Engineering
Software Security EngineeringSoftware Security Engineering
Software Security EngineeringMuhammad Asim
 

Similar to Security testing fundamentals (20)

Monitoring and Reporting on IBM i Compliance and Security
Monitoring and Reporting on IBM i Compliance and SecurityMonitoring and Reporting on IBM i Compliance and Security
Monitoring and Reporting on IBM i Compliance and Security
 
It security cognic_systems
It security cognic_systemsIt security cognic_systems
It security cognic_systems
 
Network Security, Change Control, Outsourcing
Network Security, Change Control, OutsourcingNetwork Security, Change Control, Outsourcing
Network Security, Change Control, Outsourcing
 
Network security, change control, outsourcing
Network security, change control, outsourcingNetwork security, change control, outsourcing
Network security, change control, outsourcing
 
Security Design Concepts
Security Design ConceptsSecurity Design Concepts
Security Design Concepts
 
Top Security Challenges Facing Credit Unions Today
Top Security Challenges Facing Credit Unions TodayTop Security Challenges Facing Credit Unions Today
Top Security Challenges Facing Credit Unions Today
 
Assessing System Risk the Smart Way
Assessing System Risk the Smart WayAssessing System Risk the Smart Way
Assessing System Risk the Smart Way
 
Definitive Security Testing Checklist Shielding Your Applications against Cyb...
Definitive Security Testing Checklist Shielding Your Applications against Cyb...Definitive Security Testing Checklist Shielding Your Applications against Cyb...
Definitive Security Testing Checklist Shielding Your Applications against Cyb...
 
AppSec in an Agile World
AppSec in an Agile WorldAppSec in an Agile World
AppSec in an Agile World
 
Chapter-2-Control-Audit-Security-ioenotes.pptx
Chapter-2-Control-Audit-Security-ioenotes.pptxChapter-2-Control-Audit-Security-ioenotes.pptx
Chapter-2-Control-Audit-Security-ioenotes.pptx
 
Avoid outages-from-misconfigured-devices-webinar-slides
Avoid outages-from-misconfigured-devices-webinar-slidesAvoid outages-from-misconfigured-devices-webinar-slides
Avoid outages-from-misconfigured-devices-webinar-slides
 
CISM_WK_3.pptx
CISM_WK_3.pptxCISM_WK_3.pptx
CISM_WK_3.pptx
 
Vapt life cycle
Vapt life cycleVapt life cycle
Vapt life cycle
 
Software security engineering
Software security engineeringSoftware security engineering
Software security engineering
 
Ryan Elkins - Simple Security Defense to Thwart an Army of Cyber Ninja Warriors
Ryan Elkins - Simple Security Defense to Thwart an Army of Cyber Ninja WarriorsRyan Elkins - Simple Security Defense to Thwart an Army of Cyber Ninja Warriors
Ryan Elkins - Simple Security Defense to Thwart an Army of Cyber Ninja Warriors
 
crisc_wk_5.pptx
crisc_wk_5.pptxcrisc_wk_5.pptx
crisc_wk_5.pptx
 
Application Security Testing for Software Engineers: An approach to build sof...
Application Security Testing for Software Engineers: An approach to build sof...Application Security Testing for Software Engineers: An approach to build sof...
Application Security Testing for Software Engineers: An approach to build sof...
 
Owasp Proactive Controls for Web developer
Owasp Proactive Controls for Web developerOwasp Proactive Controls for Web developer
Owasp Proactive Controls for Web developer
 
Defcon 22-tim-mcguffin-one-man-shop
Defcon 22-tim-mcguffin-one-man-shopDefcon 22-tim-mcguffin-one-man-shop
Defcon 22-tim-mcguffin-one-man-shop
 
Software Security Engineering
Software Security EngineeringSoftware Security Engineering
Software Security Engineering
 

More from Cygnet Infotech

Roadmap for Digital Transformation
Roadmap for Digital TransformationRoadmap for Digital Transformation
Roadmap for Digital TransformationCygnet Infotech
 
Robotic Process Automation Capabilities - Cygnet Infotech
Robotic Process Automation Capabilities - Cygnet InfotechRobotic Process Automation Capabilities - Cygnet Infotech
Robotic Process Automation Capabilities - Cygnet InfotechCygnet Infotech
 
Enterprise QA and Application Testing Services
Enterprise QA and Application Testing ServicesEnterprise QA and Application Testing Services
Enterprise QA and Application Testing ServicesCygnet Infotech
 
Salesforce CRM - To Achieve Unparalleled ROI
Salesforce CRM - To Achieve Unparalleled ROISalesforce CRM - To Achieve Unparalleled ROI
Salesforce CRM - To Achieve Unparalleled ROICygnet Infotech
 
Full-stack Front-end Engineering Services
Full-stack Front-end Engineering ServicesFull-stack Front-end Engineering Services
Full-stack Front-end Engineering ServicesCygnet Infotech
 
Modernizing Supply Chain with Blockchain Technology
Modernizing Supply Chain with Blockchain TechnologyModernizing Supply Chain with Blockchain Technology
Modernizing Supply Chain with Blockchain TechnologyCygnet Infotech
 
IT Consulting - Aligning Technology to Business Strategy
IT Consulting - Aligning Technology to Business StrategyIT Consulting - Aligning Technology to Business Strategy
IT Consulting - Aligning Technology to Business StrategyCygnet Infotech
 
Emerging Technologies: The Power to Future Ready Business
Emerging Technologies: The Power to Future Ready BusinessEmerging Technologies: The Power to Future Ready Business
Emerging Technologies: The Power to Future Ready BusinessCygnet Infotech
 
Cloud Computing: Delivering Public, Private and Hybrid Cloud Solutions
Cloud Computing: Delivering Public, Private and Hybrid Cloud SolutionsCloud Computing: Delivering Public, Private and Hybrid Cloud Solutions
Cloud Computing: Delivering Public, Private and Hybrid Cloud SolutionsCygnet Infotech
 
Microsoft Dynamics 365 - The Engine that Thrives Transformation
Microsoft Dynamics 365 - The Engine that Thrives TransformationMicrosoft Dynamics 365 - The Engine that Thrives Transformation
Microsoft Dynamics 365 - The Engine that Thrives TransformationCygnet Infotech
 
DevOps - The Best Way to Break the Silos
DevOps - The Best Way to Break the SilosDevOps - The Best Way to Break the Silos
DevOps - The Best Way to Break the SilosCygnet Infotech
 
Robotic Process Automation (RPA) in Manufacturing Industry
Robotic Process Automation (RPA) in Manufacturing IndustryRobotic Process Automation (RPA) in Manufacturing Industry
Robotic Process Automation (RPA) in Manufacturing IndustryCygnet Infotech
 
Quality Engineering in the New Era
Quality Engineering in the New EraQuality Engineering in the New Era
Quality Engineering in the New EraCygnet Infotech
 
5 ways blockchain improves business flexibility
5 ways blockchain improves business flexibility 5 ways blockchain improves business flexibility
5 ways blockchain improves business flexibility Cygnet Infotech
 
5 Reasons to Adopt Product Engineering
5 Reasons to Adopt Product Engineering5 Reasons to Adopt Product Engineering
5 Reasons to Adopt Product EngineeringCygnet Infotech
 
Successful SAP Implementation Checklist
Successful SAP Implementation ChecklistSuccessful SAP Implementation Checklist
Successful SAP Implementation ChecklistCygnet Infotech
 
The Quality Assurance Checklist for Progressive Testing
The Quality Assurance Checklist for Progressive TestingThe Quality Assurance Checklist for Progressive Testing
The Quality Assurance Checklist for Progressive TestingCygnet Infotech
 
DevOps - The Key to Rapid Productization (Introduction to the 5C's of DevOps)
DevOps - The Key to Rapid Productization (Introduction to the 5C's of DevOps)DevOps - The Key to Rapid Productization (Introduction to the 5C's of DevOps)
DevOps - The Key to Rapid Productization (Introduction to the 5C's of DevOps)Cygnet Infotech
 
Introduction to Blockchain-as-a-Service (BaaS)
Introduction to Blockchain-as-a-Service (BaaS)Introduction to Blockchain-as-a-Service (BaaS)
Introduction to Blockchain-as-a-Service (BaaS)Cygnet Infotech
 
5 Ways MS Dynamics 365 Empowers Digital Transformation
5 Ways MS Dynamics 365 Empowers Digital Transformation5 Ways MS Dynamics 365 Empowers Digital Transformation
5 Ways MS Dynamics 365 Empowers Digital TransformationCygnet Infotech
 

More from Cygnet Infotech (20)

Roadmap for Digital Transformation
Roadmap for Digital TransformationRoadmap for Digital Transformation
Roadmap for Digital Transformation
 
Robotic Process Automation Capabilities - Cygnet Infotech
Robotic Process Automation Capabilities - Cygnet InfotechRobotic Process Automation Capabilities - Cygnet Infotech
Robotic Process Automation Capabilities - Cygnet Infotech
 
Enterprise QA and Application Testing Services
Enterprise QA and Application Testing ServicesEnterprise QA and Application Testing Services
Enterprise QA and Application Testing Services
 
Salesforce CRM - To Achieve Unparalleled ROI
Salesforce CRM - To Achieve Unparalleled ROISalesforce CRM - To Achieve Unparalleled ROI
Salesforce CRM - To Achieve Unparalleled ROI
 
Full-stack Front-end Engineering Services
Full-stack Front-end Engineering ServicesFull-stack Front-end Engineering Services
Full-stack Front-end Engineering Services
 
Modernizing Supply Chain with Blockchain Technology
Modernizing Supply Chain with Blockchain TechnologyModernizing Supply Chain with Blockchain Technology
Modernizing Supply Chain with Blockchain Technology
 
IT Consulting - Aligning Technology to Business Strategy
IT Consulting - Aligning Technology to Business StrategyIT Consulting - Aligning Technology to Business Strategy
IT Consulting - Aligning Technology to Business Strategy
 
Emerging Technologies: The Power to Future Ready Business
Emerging Technologies: The Power to Future Ready BusinessEmerging Technologies: The Power to Future Ready Business
Emerging Technologies: The Power to Future Ready Business
 
Cloud Computing: Delivering Public, Private and Hybrid Cloud Solutions
Cloud Computing: Delivering Public, Private and Hybrid Cloud SolutionsCloud Computing: Delivering Public, Private and Hybrid Cloud Solutions
Cloud Computing: Delivering Public, Private and Hybrid Cloud Solutions
 
Microsoft Dynamics 365 - The Engine that Thrives Transformation
Microsoft Dynamics 365 - The Engine that Thrives TransformationMicrosoft Dynamics 365 - The Engine that Thrives Transformation
Microsoft Dynamics 365 - The Engine that Thrives Transformation
 
DevOps - The Best Way to Break the Silos
DevOps - The Best Way to Break the SilosDevOps - The Best Way to Break the Silos
DevOps - The Best Way to Break the Silos
 
Robotic Process Automation (RPA) in Manufacturing Industry
Robotic Process Automation (RPA) in Manufacturing IndustryRobotic Process Automation (RPA) in Manufacturing Industry
Robotic Process Automation (RPA) in Manufacturing Industry
 
Quality Engineering in the New Era
Quality Engineering in the New EraQuality Engineering in the New Era
Quality Engineering in the New Era
 
5 ways blockchain improves business flexibility
5 ways blockchain improves business flexibility 5 ways blockchain improves business flexibility
5 ways blockchain improves business flexibility
 
5 Reasons to Adopt Product Engineering
5 Reasons to Adopt Product Engineering5 Reasons to Adopt Product Engineering
5 Reasons to Adopt Product Engineering
 
Successful SAP Implementation Checklist
Successful SAP Implementation ChecklistSuccessful SAP Implementation Checklist
Successful SAP Implementation Checklist
 
The Quality Assurance Checklist for Progressive Testing
The Quality Assurance Checklist for Progressive TestingThe Quality Assurance Checklist for Progressive Testing
The Quality Assurance Checklist for Progressive Testing
 
DevOps - The Key to Rapid Productization (Introduction to the 5C's of DevOps)
DevOps - The Key to Rapid Productization (Introduction to the 5C's of DevOps)DevOps - The Key to Rapid Productization (Introduction to the 5C's of DevOps)
DevOps - The Key to Rapid Productization (Introduction to the 5C's of DevOps)
 
Introduction to Blockchain-as-a-Service (BaaS)
Introduction to Blockchain-as-a-Service (BaaS)Introduction to Blockchain-as-a-Service (BaaS)
Introduction to Blockchain-as-a-Service (BaaS)
 
5 Ways MS Dynamics 365 Empowers Digital Transformation
5 Ways MS Dynamics 365 Empowers Digital Transformation5 Ways MS Dynamics 365 Empowers Digital Transformation
5 Ways MS Dynamics 365 Empowers Digital Transformation
 

Recently uploaded

Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
 
"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor TurskyiFwdays
 
Essentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersEssentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersSafe Software
 
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Thierry Lestable
 
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptxIOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptxAbida Shariff
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backElena Simperl
 
SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...
SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...
SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...CzechDreamin
 
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualitySoftware Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualityInflectra
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Product School
 
Speed Wins: From Kafka to APIs in Minutes
Speed Wins: From Kafka to APIs in MinutesSpeed Wins: From Kafka to APIs in Minutes
Speed Wins: From Kafka to APIs in Minutesconfluent
 
Key Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfKey Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
 
When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...Elena Simperl
 
JMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and GrafanaJMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and GrafanaRTTS
 
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMsTo Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMsPaul Groth
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...Sri Ambati
 
Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........Alison B. Lowndes
 
IoT Analytics Company Presentation May 2024
IoT Analytics Company Presentation May 2024IoT Analytics Company Presentation May 2024
IoT Analytics Company Presentation May 2024IoTAnalytics
 
ODC, Data Fabric and Architecture User Group
ODC, Data Fabric and Architecture User GroupODC, Data Fabric and Architecture User Group
ODC, Data Fabric and Architecture User GroupCatarinaPereira64715
 
Connector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a buttonConnector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a buttonDianaGray10
 
IESVE for Early Stage Design and Planning
IESVE for Early Stage Design and PlanningIESVE for Early Stage Design and Planning
IESVE for Early Stage Design and PlanningIES VE
 

Recently uploaded (20)

Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
 
"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi
 
Essentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersEssentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with Parameters
 
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
 
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptxIOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
 
SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...
SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...
SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...
 
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualitySoftware Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
 
Speed Wins: From Kafka to APIs in Minutes
Speed Wins: From Kafka to APIs in MinutesSpeed Wins: From Kafka to APIs in Minutes
Speed Wins: From Kafka to APIs in Minutes
 
Key Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfKey Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdf
 
When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...
 
JMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and GrafanaJMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and Grafana
 
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMsTo Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
 
Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........
 
IoT Analytics Company Presentation May 2024
IoT Analytics Company Presentation May 2024IoT Analytics Company Presentation May 2024
IoT Analytics Company Presentation May 2024
 
ODC, Data Fabric and Architecture User Group
ODC, Data Fabric and Architecture User GroupODC, Data Fabric and Architecture User Group
ODC, Data Fabric and Architecture User Group
 
Connector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a buttonConnector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a button
 
IESVE for Early Stage Design and Planning
IESVE for Early Stage Design and PlanningIESVE for Early Stage Design and Planning
IESVE for Early Stage Design and Planning
 

Security testing fundamentals

  • 1. Security Testing Fundamentals Presented by Cygnet Infotech Pvt. Ltd.
  • 2. Overview • Security Testing is deemed successful when the below attributes of an application are intact • Authentication • Authorization • Availability • Confidentiality • Integrity • Non-Repudiation www.cygnet-infotech.com
  • 3. Authentication • To confirm that something or someone is authentic – true to the claims. • The digital identity of a user is validated and verified. www.cygnet-infotech.com
  • 4. Authorization • To ensure that a person/program is authorized to see the contents or make changes in an application. • User/Access rights are used. www.cygnet-infotech.com
  • 5. Availability • To ensure that an application is up and running; its services and information available as and when needed. • Number of failures are reduced and backups are kept ready. www.cygnet-infotech.com
  • 6. Confidentiality • To make sure that the information and services are available only when requested by and for intended users. • Penetration testing is done and defects are fixed. www.cygnet-infotech.com
  • 7. Integrity • To ensure that the service provides the user with correct information. • It is also essential to make sure that no obsolete or outdated information is presented. www.cygnet-infotech.com
  • 8. Non-repudiation • To ensure that the message was sent and received by authentic users only. • The sender/receiver must not be able to deny their involvement. www.cygnet-infotech.com
  • 9. When to start Security Testing? • In general, testing must start early to minimize defects and cost of quality. • Security testing must start right from the Requirements Gathering phase to make sure that the quality of end-product is high. • This is to ensure that any intentional/unintentional unforeseen action does not halt or delay the system. www.cygnet-infotech.com
  • 10. SDLC and Security Testing • Requirements Gathering • Design • Development/Unit Testing • Integration Testing • System Testing • Deployment • Support/Maintenance • Security Requirements Study • Develop Security Test Plan • White box Security Testing • Black box Security Testing • Vulnerability Scanning • Penetration Testing • Post-production analysis www.cygnet-infotech.com
  • 11. Security Testing Types www.cygnet-infotech.com Vulnerability Scanning •Scanning a system to find vulnerable signatures and loopholes. Penetration Testing •An attack from a hacker is simulated on the system. Ethical Hacking •The system is attacked from within to expose all the security flaws in the system. Risk Assessment •Observing the security risks in the system, classifying them as high, medium and low. Security Scanning •Network/system weakness are studies, analyzed and fixed. Security Review •To check that security standards have been implemented appropriately through gap analysis and code/design reviews.
  • 12. About Cygnet Infotech • We are a global IT services & solutions provider. • We provide custom software development services across technologies and domains to our clients in over 23 countries. • We are ISO 9001, ISO 27001 and CMMi Level III Certified www.cygnet-infotech.com
  • 13. Enterprise QA & Software Testing • We provide following testing services • Functional Testing • Performance Testing • Load Testing • Automated Testing • Security Testing • Mobile Testing www.cygnet-infotech.com
  • 14. Contact Us • Email: info@cygnet-infotech.com • Twitter: @cygnetinfotech • Skype: cygnet-infotech-pvt-ltd