Security Testing - Overview
Security testing is very important to keep the system protected from malicious activities on the web.
What is Security Testing?
Security testing is a testing technique to determine if an information system protects data and maintains functionality as intended. Security testing does not guarantee complete security of the system, but it is important to include security testing as a part of the testing process.
Security testing takes the following six measures to provide a secured environment −
Confidentiality − It protects against disclosure of information to unintended recipients.
Integrity − It ensures that information reaches the intended receiver exactly as the sender transmitted it, without undetected modification.
Authentication − It verifies and confirms the identity of the user.
Authorization − It specifies access rights to the users and resources.
Availability − It ensures that information and services are accessible whenever they are required.
Non-repudiation − It ensures there is no denial from the sender or the receiver for having sent or received the message.
Spotting a security flaw in a web-based application involves complex steps and creative thinking. At times, a simple test can expose the most severe security risk. You can try this very basic test on any web application −
Log into the web application using valid credentials.
Log out of the web application.
Click the BACK button of the browser.
Verify whether you are asked to log in again or whether you are able to go back to the logged-in page.
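The back-button test above passes only when two things hold on the server side: the session is invalidated when the user logs out (so re-requesting the page with the old cookie is refused), and authenticated pages are sent with Cache-Control: no-store (so the browser does not replay a cached copy). The following is an added example, not code from this tutorial, that models both behaviours in a small in-memory application and runs the four test steps against it. The App class, the single constructed user account, and the invalidate_server_side switch are all assumptions made for the illustration.

```python
import secrets
from dataclasses import dataclass, field
from typing import Dict, Optional

# Constructed user store for the example only (never store plaintext passwords in real code).
USERS = {"alice": "correct horse battery staple"}

NO_STORE = {"Cache-Control": "no-store, no-cache, must-revalidate", "Pragma": "no-cache"}


@dataclass
class Response:
    """Minimal stand-in for an HTTP response."""
    status: int
    body: str
    headers: Dict[str, str] = field(default_factory=dict)


class App:
    """Hypothetical web app with a server-side session table.

    invalidate_server_side=False models the common weak implementation where
    logout only clears the cookie in the browser but leaves the session valid.
    """

    def __init__(self, invalidate_server_side: bool = True):
        self.invalidate_server_side = invalidate_server_side
        self.sessions: Dict[str, str] = {}  # session id -> username

    def login(self, username: str, password: str) -> Response:
        if USERS.get(username) != password:
            return Response(401, "bad credentials", dict(NO_STORE))
        sid = secrets.token_urlsafe(32)  # unpredictable session identifier
        self.sessions[sid] = username
        headers = dict(NO_STORE)
        headers["Set-Cookie"] = f"session={sid}; HttpOnly; Secure; SameSite=Lax"
        return Response(200, "logged in", headers)

    def logout(self, sid: Optional[str]) -> Response:
        if self.invalidate_server_side and sid is not None:
            self.sessions.pop(sid, None)  # the old cookie is now worthless
        headers = dict(NO_STORE)
        headers["Set-Cookie"] = "session=; Max-Age=0; HttpOnly; Secure; SameSite=Lax"
        return Response(200, "logged out", headers)

    def account_page(self, sid: Optional[str]) -> Response:
        user = self.sessions.get(sid) if sid else None
        if user is None:
            # Unauthenticated request: send the user to the login form.
            return Response(302, "", {"Location": "/login", **NO_STORE})
        # Authenticated content must never be cached by the browser.
        return Response(200, f"Welcome {user}", dict(NO_STORE))


def cookie_value(set_cookie: str) -> str:
    """Extracts the session id from a Set-Cookie header."""
    return set_cookie.split(";", 1)[0].split("=", 1)[1]


def back_button_check(app: App) -> Dict[str, object]:
    """Runs the four steps from the text and reports what a tester would observe."""
    login = app.login("alice", "correct horse battery staple")       # step 1
    sid = cookie_value(login.headers["Set-Cookie"])
    page_while_logged_in = app.account_page(sid)
    app.logout(sid)                                                  # step 2
    # Step 3: pressing BACK either replays the cached page or re-requests it
    # with whatever cookie the browser still holds; model the worst case,
    # where the old session id is still presented.
    page_after_logout = app.account_page(sid)
    return {                                                         # step 4
        "logged_in_status": page_while_logged_in.status,
        "after_logout_status": page_after_logout.status,
        "redirected_to_login": page_after_logout.headers.get("Location") == "/login",
        "cached_copy_possible": "no-store"
        not in page_while_logged_in.headers.get("Cache-Control", ""),
    }


if __name__ == "__main__":
    print("hardened:", back_button_check(App()))
    print("weak:    ", back_button_check(App(invalidate_server_side=False)))
```

A real test would drive a browser or an HTTP client against the deployed application rather than calling methods directly, but the two observations to record are the same: the status of the page after logout, and whether the logged-in page carried a Cache-Control header that forbids storing it.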