 
 
Security Testing
 

 

 

Security issues are among the top concerns of many organizations. Despite this, security testing is often the least understood kind of testing. It is a broad effort that requires expertise beyond traditional software testing. In particular, application software security testing is very different from software functionality testing.

Application vulnerabilities leave your system open to attacks, downtime, data theft, data corruption and application defacement. Security within an application or web service is crucial to avoid such vulnerabilities and to withstand new threats.

While automated tools can help to eliminate many generic security issues, the detection of application vulnerabilities requires independent evaluation of your specific application's features and functions by experts. An external security vulnerability review will give you the best possible confidence that your application is as secure as possible.

Security testing has recently moved beyond the realm of network port scanning to include probing software’s behavior as a critical aspect of system behavior. Unfortunately, testing software security is a commonly misunderstood task. Security testing done properly goes deeper than simple black-box probing on the presentation layer (the sort performed by so-called application security tools), and even beyond the functional testing of security apparatuses. Testers must use a risk-based approach, grounded in both the system’s architectural reality and the hacker’s mindset, to adequately gauge software security. By identifying risks in the system and creating tests driven by those risks, a software security tester can properly focus on those areas of code in which an attack will succeed. This approach provides a higher level of software security assurance than is possible with classical black-box testing.

Objective

The two main objectives of application security testing are:

  • Verify and validate that the security requirements for the application are met.
  • Identify the security vulnerabilities of the application under the given environment.

 

Security Testing Techniques

  • Vulnerability Scanning
  • Network Scanning
  • Password Cracking
  • Log Views
  • Virus Detection
  • Penetration Testing
  • File Integrity Checkers
  • War Dialing
 

Security Testing Life Cycle


The Security Testing Life Cycle stages are as follows:

  • Capture security test requirements
  • Analyze and design security test scenarios
  • Test bed implementation
  • Interpreting test reports

 
Approach

The parametric approach for security testing is:
 
  • To create an exhaustive list of all security issues in the application.
  • To identify all sub-parameters for each of these issues.
  • To list all the testing activities for each sub-parameter.
  • To assign weightages corresponding to the level of security and priority.
 
       
Copyright © 2006, Kumaran Systems. All Rights Reserved.