Security Testing

Advertisements


What is Security Testing?

Security testing is a testing technique to determine if an information system protects data and maintains functionality as intended. It also aims at verifying 6 basic principles as listed below:

  • Confidentiality

  • Integrity

  • Authentication

  • Authorization

  • Availability

  • Non-repudiation

Security Testing - Techniques:

  • Injection

  • Broken Authentication and Session Management

  • Cross-Site Scripting (XSS)

  • Insecure Direct Object References

  • Security Misconfiguration

  • Sensitive Data Exposure

  • Missing Function Level Access Control

  • Cross-Site Request Forgery (CSRF)

  • Using Components with Known Vulnerabilities

  • Unvalidated Redirects and Forwards

Open Source/Free Security Testing Tools:

ProductVendorURL
FxCopMicrosofthttps://www.owasp.org/index.php/FxCop
FindBugs The University of Marylandhttp://findbugs.sourceforge.net/
FlawFinder GPLhttp://www.dwheeler.com/flawfinder/
Ramp AscendGPLhttp://www.deque.com

Commercial Security Testing Tools:

ProductVendorURL
Armorize CodeSecureArmorize Technologieshttp://www.armorize.com/index.php?link_id=codesecure
GrammaTechGrammaTechhttp://www.grammatech.com/
AppscanIBMhttp://www-03.ibm.com/software/products/en/appscan-source
VeracodeVERACODE http://www.veracode.com


Advertisements
Advertisements