What is Security Testing?
Security testing is a testing technique to determine if an information system protects data and maintains functionality as intended. By Performing security testing, it is no guarantee that systems are secure but it is important to include the security testing as part of the testing process. It also aims at verifying 6 basic principles as listed below:
- Confidentiality
- Integrity
- Authentication
- Authorization
- Availability
- Non-repudiation
Example
Spotting a security flaw in a web based app involves complex steps and a creative thinking but, attimes a simple tests like the one below can help expose the most severe security risks. Below is a very basic security test which anyone can perform on any web application :
- Log into the web application using valid credentials.
- Log out of the web application.
- Click the BACK button of the browser. Verify if you are asked to log in again or if you are able go back to the logged in page again.
No comments:
Post a Comment