Security testing is very important to keep the system protected from malicious activities on the web.
Security testing is a testing technique to determine if an information system protects data and maintains functionality as intended. Security testing does not guarantee complete security of the system, but it is important to include security testing as a part of the testing process.
Security testing takes the following six measures to provide a secured environment −
Confidentiality − It protects against disclosure of information to unintended recipients.
Integrity − It allows transferring accurate and correct desired information from senders to intended receivers.
Authentication − It verifies and confirms the identity of the user.
Authorization − It specifies access rights to the users and resources.
Availability − It ensures readiness of the information on requirement.
Non-repudiation − It ensures there is no denial from the sender or the receiver for having sent or received the message.
Spotting a security flaw in a web-based application involves complex steps and creative thinking. At times, a simple test can expose the most severe security risk. You can try this very basic test on any web application −
Log into the web application using valid credentials.
Log out of the web application.
Click the BACK button of the browser.
Verify if you are asked to log in again or if you are able go back to the logged in page again.